GLSA-201402-24 : GnuPG, Libgcrypt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201402-24 GnuPG, Libgcrypt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker...

GnuPG, Libgcrypt: Multiple vulnerabilities

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Libgcrypt is a cryptographic library based on GnuPG. Description Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt. Please review the CVE identifiers referenced below for...

Fedora 19 : gnupg-1.4.16-2.fc19 (2013-23615)

What's New =========== - Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See .CVE-2013-45 76 - Put only the major version number by default into armored output. - Do not create a trustdb file if --trust-model=always is used....

Fedora 20 : gnupg-1.4.16-2.fc20 (2013-23603)

What's New =========== - Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See .CVE-2013-45 76 - Put only the major version number by default into armored output. - Do not create a trustdb file if --trust-model=always is used....

CentOS Update for libgcrypt CESA-2013:1457 centos6

Check for the Version of libgcrypt OpenVAS Vulnerability Test CentOS Update for libgcrypt CESA-2013:1457 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CentOS Update for libgcrypt CESA-2013:1457 centos5

Check for the Version of libgcrypt OpenVAS Vulnerability Test CentOS Update for libgcrypt CESA-2013:1457 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

RedHat Update for libgcrypt RHSA-2013:1457-01

Check for the Version of libgcrypt OpenVAS Vulnerability Test RedHat Update for libgcrypt RHSA-2013:1457-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CentOS Update for libgcrypt CESA-2013:1457 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for libgcrypt RHSA-2013:1457-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for libgcrypt CESA-2013:1457 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 5 / 6 : libgcrypt (CESA-2013:1457)

An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : libgcrypt on SL5.x, SL6.x i386/x86_64 (20131024)

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process such as a different local user or a user of a KVM guest running o...

Oracle Linux 5 / 6 : libgcrypt (ELSA-2013-1457)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1457 advisory. - fix CVE-2013-4242 GnuPG/libgcrypt susceptible to cache side-channel attack Tenable has extracted the preceding description block directly from the Oracle...

RHEL 5 / 6 : libgcrypt (RHSA-2013:1457)

An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

libgcrypt security update

CentOS Errata and Security Advisory CESA-2013:1457 An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...

Moderate: Red Hat Security Advisory: libgcrypt security update

An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

libgcrypt security update

1.4.5-11 - fix CVE-2013-4242 GnuPG/libgcrypt susceptible to cache side-channel attack 1.4.5-10 - Add GCRYCTLSETENFORCEDFIPSFLAG command...

Amazon Linux AMI : libgcrypt (ALAS-2013-226)

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. C Tenable Network Security, Inc. The descriptive text and package checks in...

L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack

Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage. allowing a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...