Download
| Alert*
oval:org.secpod.oval:def:117045
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:117102 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1800172 libgcrypt is installed oval:org.secpod.oval:def:21801 The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ... oval:org.secpod.oval:def:24744 The host is installed with libgcrypt in RHEL 5,6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information. oval:org.secpod.oval:def:67965 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt . Security Fix: * libgcrypt: ECDSA timing attack allowing private key leak For more details about the security issue, ... oval:org.secpod.oval:def:1801607 A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5 oval:org.secpod.oval:def:89045369 This update for libgcrypt fixes the following issues: - RNG prediction vulnerability oval:org.secpod.oval:def:89002131 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures . The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands w ... oval:org.secpod.oval:def:89002571 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures . The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands w ... oval:org.secpod.oval:def:89044976 This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. - Don"t require secure memory for the fips selftests, this prevents the Oops, secure memory pool already initializ ... oval:org.secpod.oval:def:203207 libgcrypt is installed oval:org.secpod.oval:def:111245 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:89044764 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added oval:org.secpod.oval:def:204151 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ... oval:org.secpod.oval:def:504778 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt . Security Fix: * libgcrypt: ECDSA timing attack allowing private key leak For more details about the security issue, ... oval:org.secpod.oval:def:89003233 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack oval:org.secpod.oval:def:89044900 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added oval:org.secpod.oval:def:86337 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm For more details about the security issue, including the ... oval:org.secpod.oval:def:86363 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * libgcrypt: ElGamal implementation allows plaintext recovery For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informati ... oval:org.secpod.oval:def:204035 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ... oval:org.secpod.oval:def:89050777 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack oval:org.secpod.oval:def:89050807 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack . Bug fixes: - Added CMAC AES self test . - Added CMAC TDES self test missing . - Fix test dsa-rfc6979 in FIPS mode. oval:org.secpod.oval:def:1505840 [ 1.8.5-7_fips] - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations [Orabug: 33081130] - Change Epoch from 1 to 10 [1.8.5-7] - Fix CVE-2021-33560 oval:org.secpod.oval:def:120407 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1800171 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1801021 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1801022 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1801019 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:1800779 Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. oval:org.secpod.oval:def:1800920 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:1800802 - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches. oval:org.secpod.oval:def:111299 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1800748 A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output, can trivially predict the following 20 bytes. Fixed In Version: libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21 oval:org.secpod.oval:def:111174 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:111001 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:89047282 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding . oval:org.secpod.oval:def:1505257 [1.8.5-6] - Fix for CVE-2021-33560 - Enable HW optimizations in FIPS - Performance enchancements for ChaCha20 and Poly1305 [1.8.5-5] - Performance enchancements for AES-GCM, CRC32 and SHA2 oval:org.secpod.oval:def:4500103 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Change ... oval:org.secpod.oval:def:2500391 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. oval:org.secpod.oval:def:113396 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:113664 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1800539 Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. oval:org.secpod.oval:def:113410 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1800489 Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. oval:org.secpod.oval:def:501122 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ... oval:org.secpod.oval:def:105816 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:1600270 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. oval:org.secpod.oval:def:1500290 An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1500294 An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1200057 Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. Fix a side-channel attack which can potentially lead to an information leak. Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perf ... oval:org.secpod.oval:def:108542 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:202966 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ... oval:org.secpod.oval:def:202964 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ... oval:org.secpod.oval:def:1800542 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ... oval:org.secpod.oval:def:1800562 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ... oval:org.secpod.oval:def:1800599 An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ... oval:org.secpod.oval:def:1501649 A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. oval:org.secpod.oval:def:1600447 A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. oval:org.secpod.oval:def:501931 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ... oval:org.secpod.oval:def:1501644 A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. oval:org.secpod.oval:def:112621 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:114663 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:112559 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:114655 Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. oval:org.secpod.oval:def:89049670 This update for libgcrypt fixes the following issue: The following security issue was fixed: - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures oval:org.secpod.oval:def:2500088 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. oval:org.secpod.oval:def:89050800 This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation . oval:org.secpod.oval:def:89050799 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. Other bugfixes: - Don"t run full FIPS self-tests from cons ... |