Download
| Alert*
oval:org.secpod.oval:def:21801
The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ... oval:org.secpod.oval:def:52288 libgcrypt11: LGPL Crypto library Libgcrypt could expose sensitive information when performing decryption. oval:org.secpod.oval:def:601837 Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack. oval:org.secpod.oval:def:703690 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:702188 gnupg: GNU privacy guard - a free PGP replacement GnuPG could expose sensitive information when performing decryption. oval:org.secpod.oval:def:702187 libgcrypt11: LGPL Crypto library Libgcrypt could expose sensitive information when performing decryption. oval:org.secpod.oval:def:702488 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG. oval:org.secpod.oval:def:601773 Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys . In addition, this update hardens GnuPG"s behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyid"s actually requested by the user. oval:org.secpod.oval:def:1800171 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1801019 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1801021 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1801022 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1800920 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1800802 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:52442 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG. oval:org.secpod.oval:def:1200057 Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. Fix a side-channel attack which can potentially lead to an information leak. Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perf ... oval:org.secpod.oval:def:1800562 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ... oval:org.secpod.oval:def:1800542 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ... oval:org.secpod.oval:def:41167 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:51524 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:602975 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:112621 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:114663 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:114765 Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ... oval:org.secpod.oval:def:51062 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:51186 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:52106 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. oval:org.secpod.oval:def:52869 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:603087 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. oval:org.secpod.oval:def:704129 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:112559 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:704432 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:53090 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:603433 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. oval:org.secpod.oval:def:114655 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:704272 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. oval:org.secpod.oval:def:53354 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. oval:org.secpod.oval:def:114771 Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ... oval:org.secpod.oval:def:1700093 During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ... oval:org.secpod.oval:def:51064 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:704134 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1600954 Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ... |