Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Libgcrypt vulnerability (USN-3689-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3689-1 advisory. Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover...

USN-3689-2: Libgcrypt vulnerability

USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private ke...

USN-3689-1: Libgcrypt vulnerability

Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys...

USN-3689-1 libgcrypt11, libgcrypt20 vulnerability

Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys...

Libgcrypt Information Disclosure Vulnerability

Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. There is a security vulnerability in Libgcrypt...

Fedora Update for libgcrypt FEDORA-2018-1ea5beb4cf

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: libgcrypt-1.8.3-1.fc28

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

[SECURITY] Fedora 27 Update: libgpg-error-1.31-1.fc27

This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future...

Security Bulletin: A vulnerability in libgcrypt affects IBM Flex System Manager (FSM) (CVE-2017-7526)

Summary A vulnerability has been discovered in libgcrypt that is embedded in FSM. This bulletin addresses that issue. Vulnerability Details CVEID: CVE-2017-7526 DESCRIPTION: Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using...

Security Bulletin: IBM Flex System Manager (FSM) is affected by a libgcrypt vulnerability (CVE-2016-6313)

Summary A security vulnerability has been identified in libgcrypt that is embedded in IBM FSM. This bulletin addresses this issue. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining...

Fedora Update for libgcrypt FEDORA-2018-6788454ab6

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : libgcrypt (2018-6788454ab6)

Minor security update to version 1.8.3 from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

[SECURITY] [DSA 4231-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2018 https://www.debian.org/security/faq -...

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313)

Summary A vulnerability has been identified in the libgcrypt library. IBM Security Access Manager appliances use the libgcrypt library and are affected by this vulnerability. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an...

Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313)

Summary A security vulnerability has been discovered in GnuPG libgcrypt, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits...

[ASA-201806-10] libgcrypt: private key recovery

Arch Linux Security Advisory ASA-201806-10 ========================================== Severity: High Date : 2018-06-16 CVE-ID : CVE-2018-0495 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-719 Summary ======= The package libgcrypt before...

Security Bulletin: libgcrypt vulnerability affects IBM MQ Appliance (CVE-2016-6313)

Summary A vulnerability discovered in the libgcrypt PRNG Pseudo-Random Number Generator affects IBM MQ Appliance. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the...

CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

FreeBSD : libgcrypt -- side-channel attack vulnerability (9b5162de-6f39-11e8-818e-e8e0b747a45a)

GnuPG reports : Mitigate a local side-channel attack on ECDSA signature as described in the white paper 'Return on the Hidden Number Problem'. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-20...