EulerOS Virtualization 3.0.6.0 : nss-softokn (EulerOS-SA-2020-1754)

According to the versions of the nss-softokn packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. Thi...

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2020-1672)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1672)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1571)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1498)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2020-1498)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1400)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2020-1400)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

Photon OS 1.0: Libgcrypt PHSA-2020-1.0-0288

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0288. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0227

An update of 'libtiff', 'python2', 'bubblewrap', 'postgresql', 'yarn', 'libgcrypt', 'haproxy' packages of Photon OS has been released...

Important Photon OS Security Update - PHSA-2020-0227

Updates of 'haproxy', 'yarn', 'libgcrypt', 'python2', 'libtiff', 'postgresql', 'bubblewrap' packages of Photon OS have been released...

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

GLSA-202003-32 : Libgcrypt: Side-channel attack

The remote host is affected by the vulnerability described in GLSA-202003-32 Libgcrypt: Side-channel attack A timing attack was found in the way ECCDSA was implemented in Libgcrypt. Impact : A local man-in-the-middle attacker, during signature generation, could possibly recover the private key...

Libgcrypt: Side-channel attack

Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A timing attack was found in the way ECCDSA was implemented in Libgcrypt. Impact A local man-in-the-middle attacker, during signature generation, could possibly recover the private key. Workaround...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1189)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the cipher/elgamal.c component of the Libgcrypt cryptographic library, which allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the cipher/elgamal.c component of the Libgcrypt cryptographic library is related to the use of cryptographic algorithms that contain vulnerabilities or risks. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...

EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1189)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and...