Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1fMandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.
867cc5c461189e5765485dc6b4a2f63d57c6e6d920cb79fec12513b4629f0ba2Debian Linux Security Advisory 3073-1 - Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
8fffc402af38bdb41e678130858ef5a67a02942cf952d7c89fbe50b5cae2713cMandriva Linux Security Advisory 2014-180 - The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack.
03ec5c081a2354c13e32e599e0fef98400dfb6bbc16a191f9eaf5f922d8321aeDebian Linux Security Advisory 3024-1 - Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.
b2346aef46332e7dd3e40eb0441330ae17335baff74358e7b56dfc81b92896c8Mandriva Linux Security Advisory 2014-176 - The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack.
0780b50c1589fe65cc42af17ea0e1cc15443e3fde984ecaad141d58f82502a23Ubuntu Security Notice 2339-2 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
af710e3a425b8f1c589dca591ed48217ca6b1b8d1215d50f09cc6edcc8c3e10eUbuntu Security Notice 2339-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
4e60bdc46e0904e8a9e4971ee29d0296c4c6e8a01e589be8af695bfcee0875baGentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.
dc140fe843d5ab6ab9a5998f40aeb6364054dfe18d31c18f4b8b0f7836c3a02e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed