Gentoo Linux Security Advisory 201610-4 - Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator. Versions less than 1.7.3 are affected.
5619b69bf4075be672b52dd153d8f9e314becc2be95833013f21e6768d5f5bc7Gentoo Linux Security Advisory 201606-4 - Multiple vulnerabilities have been found in GnuPG and libgcrypt, the worst of which may allow a local attacker to obtain confidential key information. Versions less than 2.0.26-r3 are affected.
8db5403994502cb954b206f0f2eceb5aa7aecabc0df6d9eeac3772f8bba72e1fSlackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3a0f7c0ad6c6d8f3a18498acb84b48b76b0a8d05e934b6cfca87447479bf8a8aUbuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
792642a0875ba38ffc370521446151efc3f78fb089ed47720138b797c6d3ce23Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1fMandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.
867cc5c461189e5765485dc6b4a2f63d57c6e6d920cb79fec12513b4629f0ba2Mandriva Linux Security Advisory 2015-155 - GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.
5eae8f870b196fa57b88bc2e5d2121119f611d0f9c814556868d5963d51fe24dDebian Linux Security Advisory 3185-1 - Multiple vulnerabilities were discovered in libgcrypt.
6ce9b887c204b8096051a3210b40087e29d2d0a48576ee311154e2278f174168Debian Linux Security Advisory 3184-1 - Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard.
13c6d025c2d9c1babbfd6860c323e1e6fb7e4b31a5784250a5d788a74db32f6d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed