Ubuntu: Security Advisory (USN-4236-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4236-2: Libgcrypt vulnerability

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

USN-4236-2 libgcrypt20 vulnerability

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

openSUSE: Security Advisory for libgcrypt (openSUSE-SU-2020:0022-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

USN-4236-1: Libgcrypt vulnerability

It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

USN-4236-1 libgcrypt20 vulnerability

It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

OPENSUSE-SU-2020:0022-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack bsc1148987. Bug fixes: - Added CMAC AES self test bsc1155339. - Added CMAC TDES self test missing bsc1155338. - Fix test dsa-rfc6979 in FIPS mode. This update w...

EulerOS Virtualization for ARM 64 3.0.5.0 : libgcrypt (EulerOS-SA-2020-1085)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected:...

Security update for libgcrypt (moderate)

openSUSE Security Update: Security update for libgcrypt Announcement ID: openSUSE-SU-2020:0022-1 Rating: moderate References: 1148987 1155338 1155339 Cross-References: CVE-2019-13627 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now available...

Fedora Update for libgcrypt FEDORA-2019-6c96156c32

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2019:3392-1)

This update for libgcrypt fixes the following issues : Security issues fixed : CVE-2019-13627: Mitigation against an ECDSA timing attack bsc1148987. Bug fixes: Added CMAC AES self test bsc1155339. Added CMAC TDES self test missing bsc1155338. Fix test dsa-rfc6979 in FIPS mode. Note that Tenable...

SUSE-SU-2019:3392-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack bsc1148987. Bug fixes: - Added CMAC AES self test bsc1155339. - Added CMAC TDES self test missing bsc1155338. - Fix test dsa-rfc6979 in FIPS mode...

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2695)

According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate...

Side Channel Attack

libgcrypt.so is vulnerable to side-channel attack. The vulnerability exists as the library fails to perform ciphertext blinding for the Elgamal decryption, allowing a local attacker to compromise the server's private key through a crafted ciphertext and analyzing the fluctuations in the...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

AZL-41815 CVE-2014-3591 affecting package grub2 for versions less than 2.06-25

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

DEBIAN-CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

DEBIAN-CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...