Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31780
HistoryMar 15, 2015 - 12:00 a.m.

[SECURITY] [DSA 3184-1] gnupg security update

2015-03-1500:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Debian Security Advisory DSA-3184-1 [email protected]
http://www.debian.org/security/ Alessandro Ghedini
March 12, 2015 http://www.debian.org/security/faq

Package : gnupg
CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:

CVE-2014-3591

The Elgamal decryption routine was susceptible to a side-channel
attack discovered by researchers of Tel Aviv University. Ciphertext
blinding was enabled to counteract it. Note that this may have a
quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

The modular exponentiation routine mpi_powm() was susceptible to a
side-channel attack caused by data-dependent timing variations when
accessing its internal pre-computed table.

CVE-2015-1606

The keyring parsing code did not properly reject certain packet
types not belonging in a keyring, which caused an access to memory
already freed. This could allow remote attackers to cause a denial
of service (crash) via crafted keyring files.

For the stable distribution (wheezy), these problems have been fixed in
version 1.4.12-7+deb7u7.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 1.4.18-7.

For the unstable distribution (sid), these problems have been fixed in
version 1.4.18-7.

We recommend that you upgrade your gnupg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVAdGHAAoJEFb2GnlAHawEJp4IAI50qDF5+QdQQ/1cvcP1tqda
H9QOu6omsKtiXtyTKQnoRfDmZ6dKblWdJMfH9cK9bfoziixwTTkol374u0xuTucY
MW6x08InvELESJKrgGvnnoj+g3xAvHDBOt0BXcL9tBYV81ZzaHBCS75VwwMwHD8n
B3mErX24JpnTH0Y2C4xAi+SuQ74KasB9FGSz3aAbrkvpwTEOumtLc9NG4mROjRXg
ARRJRIQv+PZ8VW2/vImoMiuAgALRttREtoVbaRoKOg8if/r9g49Ix28QFxrfJV7x
P2CaHXLfdcJq5oPuRltJK7vXmQUYwbgQAzv2Xmy0350HzfQcTTvBUFbld2Nd9dE=
=TLCo
-----END PGP SIGNATURE-----

Related

nessus 40
osv 4
openvas 39
debian 4
securityvulns 2
fedora 7
mageia 3
ubuntu 2
gentoo 2
slackware 1
amazon 2
prion 3
cve 4
ubuntucve 3
debiancve 3
veracode 1
rosalinux 1
ibm 1
nessus
nessus
Debian DLA-175-1 : gnupg security update
2015-03-26 00:00:00
Debian DSA-3184-1 : gnupg - security update
2015-03-13 00:00:00
Mandriva Linux Security Advisory : gnupg (MDVSA-2015:155)
2015-03-30 00:00:00
osv
osv
gnupg - security update
2015-03-17 00:00:00
gnupg - security update
2015-03-12 00:00:00
libgcrypt11 - security update
2015-03-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 3184-1 (gnupg - security update)
2015-03-12 00:00:00
Debian: Security Advisory (DLA-175-1)
2023-03-08 00:00:00
Univention Corporate Server 4.0 erratum 137
2015-04-09 00:00:00
debian
debian
[SECURITY] [DSA 3184-1] gnupg security update
2015-03-12 17:50:45
[SECURITY] [DLA 175-1] gnupg security update
2015-03-17 15:35:28
[SECURITY] [DSA 3185-1] libgcrypt11 security update
2015-03-12 17:53:56
securityvulns
securityvulns
GnuPG / libgcrypt multiple security vulnerabilities
2015-04-09 00:00:00
[USN-2554-1] GnuPG vulnerabilities
2015-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: libgcrypt-1.6.3-1.fc22
2015-03-13 17:02:02
[SECURITY] Fedora 21 Update: mingw-libgcrypt-1.6.3-1.fc21
2015-05-04 15:28:08
[SECURITY] Fedora 22 Update: gnupg-1.4.19-1.fc22
2015-03-13 17:13:01
mageia
mageia
Updated gnupg and libgcrypt packages fix security vulnerabilities
2015-03-10 19:48:25
Updated libgcrypt packages fix CVE-2015-0837
2015-09-14 00:58:30
Updated gnupg packages fix security vulnerabilities
2015-09-14 00:58:30
ubuntu
ubuntu
Libgcrypt vulnerabilities
2015-04-01 00:00:00
GnuPG vulnerabilities
2015-04-01 00:00:00
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2016-06-05 00:00:00
libgcrypt: Multiple vulnerabilities
2016-10-10 00:00:00
slackware
slackware
[slackware-security] gnupg
2015-04-22 01:20:04
amazon
amazon
Medium: libgcrypt
2015-08-04 17:43:00
Low: gnupg2
2015-07-28 11:35:00
prion
prion
Design/Logic Flaw
2019-11-20 19:15:00
Code injection
2019-11-29 22:15:00
Design/Logic Flaw
2019-11-29 22:15:00
cve
cve
CVE-2015-1606
2019-11-20 19:15:00
CVE-2014-3591
2019-11-29 22:15:00
CVE-2015-0837
2019-11-29 22:15:00
ubuntucve
ubuntucve
CVE-2015-1606
2015-02-16 00:00:00
CVE-2014-3591
2014-12-31 00:00:00
CVE-2015-0837
2015-03-02 00:00:00
debiancve
debiancve
CVE-2015-1606
2019-11-20 19:15:00
CVE-2014-3591
2019-11-29 22:15:00
CVE-2015-0837
2019-11-29 22:15:00
veracode
veracode
Side Channel Attack
2019-12-04 06:58:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SECURITYVULNS:DOC:31780
nessus40osv4openvas39debian4securityvulns2fedora7mageia3ubuntu2gentoo2slackware1amazon2prion3cve4ubuntucve3debiancve3veracode1rosalinux1ibm1