Download
| Alert*
oval:org.secpod.oval:def:703690
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:2101608 libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel ... oval:org.secpod.oval:def:89044900 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added oval:org.secpod.oval:def:89044764 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added oval:org.secpod.oval:def:1800171 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1800920 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1800802 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1800562 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ... oval:org.secpod.oval:def:1800542 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ... oval:org.secpod.oval:def:41167 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:51524 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:602975 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:112621 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:52106 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. oval:org.secpod.oval:def:52869 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:603087 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. oval:org.secpod.oval:def:112559 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:53090 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:704272 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. |