1009 matches found
CVE-2015-7511
CVE-2015-7511 affects Libgcrypt up to version 1.6.4 (pre-1.6.5). The issue is an improper elliptic‑point curve multiplication during decryption that enables physical side‑channel leakage of ECDH private keys via electromagnetic emanations. Remediation is upgrading Libgcrypt to fixed releases (e.g...
CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...
SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2016:1089-1)
libgcrypt was updated to fix one security issue. This security issue was fixed : - CVE-2015-7511: Side-channel attack on ECDH with Weierstrass curves bsc965902. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2016:1089-1 Security update for libgcrypt
libgcrypt was updated to fix one security issue. This security issue was fixed: - CVE-2015-7511: Side-channel attack on ECDH with Weierstrass curves bsc965902...
GNU Libgcrypt Security Bypass Vulnerability
GNU Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. A security vulnerability exists in GNU Libgcrypt that allows attackers to perform unauthorized operations...
openSUSE Security Update : libgcrypt (openSUSE-2016-267)
This update for libgcrypt fixes the following issues : - CVE-2015-7511: side-channel attack on ECDH with Weierstrass curves boo965902 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
libgcrypt: secret key extraction
A vulnerability was found in a way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libgcrypt (SSA:2016-054-03)
New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-054-03. The text...
[slackware-security] libgcrypt
New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libgcrypt-1.5.5-i486-1slack14.1.txz: Upgraded. Mitigate chosen cipher text attacks on ECDH with Weierstra...
Mageia: Security Advisory (MGASA-2016-0072)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...
MGASA-2016-0072 Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...
Ubuntu 14.04 LTS : Libgcrypt vulnerability (USN-2896-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2896-1 advisory. Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker...
FreeBSD : libgcrypt -- side-channel attack on ECDH (95b92e3b-d451-11e5-9794-e8e0b747a45a)
GnuPG reports : Mitigate side-channel attack on ECDH with Weierstrass curves. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...
USN-2896-1: Libgcrypt vulnerability
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys...
USN-2896-1 libgcrypt11, libgcrypt20 vulnerability
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys...
CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...
UBUNTU-CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...
CVE-2008-2377
Use-after-free vulnerability in the gnutlshandshakehashbuffersclear function in lib/gnutlshandshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via TLS transmission of data that is improperly used when...
Oracle: Security Advisory (ELSA-2013-1457)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...