1009 matches found

Positive Technologies
added 2019/06/19 12:0 a.m. · 5 views

PT-2019-13013 · Gnu +2 · Libgcrypt +2

Name of the Vulnerable Software and Affected Versions: Libgcrypt version 1.8.4 Description: The C implementation of AES in Libgcrypt is susceptible to a flush-and-reload side-channel attack. This occurs because physical addresses are accessible to other processes, and the C implementation is used...

CVSS 7.8 · AI score 6 · EPSS 0.03885
Exploits: 1 · References: 38
RedHat Linux
added 2019/06/18 7:8 p.m. · 5 views

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

CVSS 4.7 · AI score 6.3 · EPSS 0.00887
Exploits: 1 · References: 5
RedHat Linux
added 2019/05/30 2:57 p.m. · 2 views

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

CVSS 4.7 · AI score 6.3 · EPSS 0.00887
Exploits: 1 · References: 5
Tenable Nessus
added 2019/05/14 12:0 a.m. · 255 views

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

CVSS 7.5 · AI score 7.2 · EPSS 0.98685
Exploits: 11 · References: 21
Tenable Nessus
added 2019/05/14 12:0 a.m. · 24 views

EulerOS Virtualization 3.0.1.0 : libgcrypt (EulerOS-SA-2019-1448)

According to the version of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of th...

CVSS 5.3 · AI score 6 · EPSS 0.03627
Exploits: 0 · References: 2
BDU FSTEC
added 2019/04/25 12:0 a.m. · 3 views

The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library, related to information disclosure, allows a hacker to predict the output data.

The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library is related to an error that causes the generation of a 160-bit random number from a standard random number generator. Exploiting this vulnerability allows a remote attacker to predict the output data...

CVSS 5.3 · AI score 6.2 · EPSS 0.03627
Exploits: 0 · References: 5 · Affected Software: 3
Tenable Nessus
added 2019/04/09 12:0 a.m. · 248 views

EulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

CVSS 7.5 · AI score 6.1 · EPSS 0.49268
Exploits: 1 · References: 6
Tenable Nessus
added 2019/04/09 12:0 a.m. · 36 views

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

CVSS 7.5 · AI score 6.2 · EPSS 0.49268
Exploits: 1 · References: 4
Tenable Nessus
added 2019/03/27 12:0 a.m. · 30 views

openSUSE Security Update : libgcrypt (openSUSE-2019-540)

This update for libgcrypt fixes the following issue : The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures bsc1097410 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenabl...

CVSS 4.7 · AI score 6 · EPSS 0.00887
Exploits: 1 · References: 2
Photon
added 2019/02/11 12:0 a.m. · 32 views

Important Photon OS Security Update - PHSA-2019-0208

Updates of 'docker', 'libgcrypt', 'glibc' packages of Photon OS have been released...

AI score 8.3
Exploits: 0
Tenable Nessus
added 2019/02/07 12:0 a.m. · 21 views

Photon OS 1.0: Libgcrypt PHSA-2017-0040

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0040. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121743...

CVSS 5.9 · AI score 6.3 · EPSS 0.02318
Exploits: 0 · References: 2
Tenable Nessus
added 2019/02/07 12:0 a.m. · 31 views

Photon OS 1.0: Libgcrypt PHSA-2017-0013

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0013. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121685...

CVSS 5.3 · AI score 5.9 · EPSS 0.03627
Exploits: 0 · References: 2
Tenable Nessus
added 2019/02/07 12:0 a.m. · 42 views

Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0182. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 4.7 · AI score 6.1 · EPSS 0.00887
Exploits: 1 · References: 2
Tenable Nessus
added 2019/02/07 12:0 a.m. · 23 views

Photon OS 2.0: Libgcrypt PHSA-2018-2.0-0091

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0091. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 4.7 · AI score 6.1 · EPSS 0.00887
Exploits: 1 · References: 2
BDU FSTEC
added 2019/02/07 12:0 a.m. · 5 views

The vulnerability of the _gcry_ecc_ecdsa_sign function in the Libgcrypt cryptographic library allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the _gcry_ecc_ecdsa_sign function “cipher/ecc-ecdsa.c” in the cryptographic library Libgcrypt relates to the possibility of determining plausible values for basic parameters of a next digital signature by iterating through cache values and evaluating computational costs. This cou...

CVSS 4.7 · AI score 6.2 · EPSS 0.00887
Exploits: 1 · References: 18 · Affected Software: 5
IBM Security Bulletins
added 2019/01/31 2:25 a.m. · 27 views

Security Bulletin: Vulnerability in libgcrypt affects IBM Chassis Management Module (CVE-2017-7526)

Summary: IBM Chassis Management Module has addressed the following vulnerability in libgcrypt. Vulnerability Details: CVEID: CVE-2017-7526 Description: Libgcrypt could allow a remote...

CVSS 6.8 · AI score 0.5 · EPSS 0.03885
Exploits: 0
Veracode
added 2019/01/15 9:14 a.m. · 22 views

Information Leakage

The libgcrypt library is vulnerable to information leakage. The vulnerability exists because of a flaw in the libgcrypt PRNG (Pseudo-Random Number Generator), leaking the first 580 bytes of the PRNG output which allows the attacker to guess the following 20 bytes...

CVSS 5.3 · AI score 5.3 · EPSS 0.03627
Exploits: 0 · References: 13 · Affected Software: 1
Veracode
added 2019/01/15 9:1 a.m. · 26 views

Information Disclosure

libgcrypt is vulnerable to information disclosure attacks. The vulnerability exists as GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka...

CVSS 1.9 · AI score 5.2 · EPSS 0.00533
Exploits: 0 · References: 18 · Affected Software: 2
Tenable Nessus
added 2019/01/03 12:0 a.m. · 36 views

Fedora 28 : libgcrypt (2018-1ea5beb4cf)

Minor security update to version 1.8.3 from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 4.7 · AI score 6 · EPSS 0.00887
Exploits: 1 · References: 2
Tenable Nessus
added 2019/01/02 12:0 a.m. · 24 views

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2018:1993-1)

This update for libgcrypt fixes the following issue: The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures bsc1097410 Note that Tenable Network Security has extracted the preceding description block directly from the...

CVSS 4.7 · AI score 6 · EPSS 0.00887
Exploits: 1 · References: 4