FreeBSD : gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output (e1c71d8d-64d9-11e6-b38a-25a46b33f2ed)

Werner Koch reports : There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. %NASLMINLEVEL 70300 C Tenable...

CVE-2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits...

UBUNTU-CVE-2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits...

gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports: There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions...

Fedora 23 : libgcrypt (2016-ec4c27d766)

New upstream release fixing CVE-2015-7511 low impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora Update for libgcrypt FEDORA-2016-ec4c27d766

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 23 Update: libgcrypt-1.6.5-1.fc23

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Fedora Update for libgcrypt FEDORA-2016-83cd045bcc

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 24 : libgcrypt (2016-83cd045bcc)

New upstream release fixing CVE-2015-7511 low impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

[SECURITY] Fedora 24 Update: libgcrypt-1.6.5-1.fc24

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Vulnerabilities in the Debian GNU/Linux operating system that allow a local attacker to compromise the confidentiality of protected information

The multiple vulnerabilities in the libgcrypt11 package of the Debian GNU/Linux operating system may lead to a violation of the confidentiality of protected information. These vulnerabilities can be exploited by local malicious individuals...

OracleVM 3.2 : libgcrypt (OVMSA-2016-0062)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2013-4242 GnuPG/libgcrypt susceptible to cache side-channel attack - Add GCRYCTLSETENFORCEDFIPSFLAG command %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plug...

GLSA-201606-04 : GnuPG: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-04 GnuPG: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuPG and libgcrypt, please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denia...

GnuPG: Multiple vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Multiple vulnerabilities have been discovered in GnuPG and libgcrypt, please review the CVE identifiers referenced below for details. Impact A local attacker could possibly caus...

openSUSE Security Update : libgcrypt (openSUSE-2016-559)

libgcrypt was updated to fix one security issue. This security issue was fixed : - CVE-2015-7511: Side-channel attack on ECDH with Weierstrass curves bsc965902. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...

DEBIAN-CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...

CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...

CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...

Code injection

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...

CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...