what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2015-0837

Status Candidate

Overview

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Related Files

Gentoo Linux Security Advisory 201610-04
Posted Oct 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-4 - Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator. Versions less than 1.7.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3591, CVE-2015-0837, CVE-2015-7511, CVE-2016-6313
SHA-256 | 5619b69bf4075be672b52dd153d8f9e314becc2be95833013f21e6768d5f5bc7
Gentoo Linux Security Advisory 201606-04
Posted Jun 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-4 - Multiple vulnerabilities have been found in GnuPG and libgcrypt, the worst of which may allow a local attacker to obtain confidential key information. Versions less than 2.0.26-r3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 8db5403994502cb954b206f0f2eceb5aa7aecabc0df6d9eeac3772f8bba72e1f
Slackware Security Advisory - gnupg Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 3a0f7c0ad6c6d8f3a18498acb84b48b76b0a8d05e934b6cfca87447479bf8a8a
Ubuntu Security Notice USN-2555-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 792642a0875ba38ffc370521446151efc3f78fb089ed47720138b797c6d3ce23
Ubuntu Security Notice USN-2554-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606, CVE-2015-1607
SHA-256 | acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1f
Mandriva Linux Security Advisory 2015-154
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2014-4617, CVE-2014-5270, CVE-2015-0837
SHA-256 | 867cc5c461189e5765485dc6b4a2f63d57c6e6d920cb79fec12513b4629f0ba2
Mandriva Linux Security Advisory 2015-155
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-155 - GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 5eae8f870b196fa57b88bc2e5d2121119f611d0f9c814556868d5963d51fe24d
Debian Security Advisory 3185-1
Posted Mar 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3185-1 - Multiple vulnerabilities were discovered in libgcrypt.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 6ce9b887c204b8096051a3210b40087e29d2d0a48576ee311154e2278f174168
Debian Security Advisory 3184-1
Posted Mar 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3184-1 - Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3591, CVE-2015-0837, CVE-2015-1606
SHA-256 | 13c6d025c2d9c1babbfd6860c323e1e6fb7e4b31a5784250a5d788a74db32f6d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close