Medium: libgcrypt

Issue Overview: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Affected Packages: libgcrypt Issue Correction: Run yum update...

Medium: gnupg

Issue Overview: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Affected Packages: gnupg Issue Correction: Run yum update gnu...

Fedora Update for libgcrypt FEDORA-2013-13678

Check for the Version of libgcrypt OpenVAS Vulnerability Test Fedora Update for libgcrypt FEDORA-2013-13678 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Fedora Update for libgcrypt FEDORA-2013-13678

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : GnuPG and Libgcrypt -- side-channel attack vulnerability (689c2bf7-0701-11e3-9a25-002590860428)

Werner Koch of the GNU project reports : Noteworthy changes in version 1.5.3 : Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in...

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

Design/Logic Flaw

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

CVE-2013-4242

CVE-2013-4242 affects GnuPG before 1.4.14 and Libgcrypt before 1.5.3 (as used in GnuPG 2.0.x), enabling a local user to obtain private RSA keys via a cache side-channel (Flush+Reload) on the L3 cache. The root cause is a cache side-channel leak in the RSA key handling within GnuPG/Libgcrypt. Docu...

SuSE 11.2 / 11.3 Security Update : libgcrypt (SAT Patch Numbers 8201 / 8202)

This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. CVE-2013-4242 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security gnupg / libgcrypt SSA:2013-215-01 New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13....

Fedora Update for libgcrypt FEDORA-2013-13671

Check for the Version of libgcrypt OpenVAS Vulnerability Test Fedora Update for libgcrypt FEDORA-2013-13671 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Fedora Update for libgcrypt FEDORA-2013-13671

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt...

[slackware-security] gnupg / libgcrypt

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt. He...

Updated gnupg package fixes security vulnerability

Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system CVE-2013-4242...

[SECURITY] Fedora 19 Update: libgcrypt-1.5.3-1.fc19

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

[SECURITY] Fedora 18 Update: libgcrypt-1.5.3-1.fc18

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Fedora 19 : libgcrypt-1.5.3-1.fc19 (2013-13678)

Minor update from upstream fixing a moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 18 : libgcrypt-1.5.3-1.fc18 (2013-13671)

Minor update from upstream fixing a moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...