Mageia Linux Local Security Checks : Mageia Linux Local Check: mgasa-2016-0072

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.131231

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia Linux Local Check: mgasa-2016-0072

Zusammenfassung: Mageia Linux Local Security Checks mgasa-2016-0072

Beschreibung: Summary:
Mageia Linux Local Security Checks mgasa-2016-0072

Vulnerability Insight:
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-7511
BugTraq ID: 83253
http://www.securityfocus.com/bid/83253
Debian Security Information: DSA-3474 (Google Search)
http://www.debian.org/security/2016/dsa-3474
Debian Security Information: DSA-3478 (Google Search)
http://www.debian.org/security/2016/dsa-3478
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/
https://security.gentoo.org/glsa/201610-04
http://www.cs.tau.ac.IL/~tromer/ecdh/
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
SuSE Security Announcement: openSUSE-SU-2016:1227 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html
http://www.ubuntu.com/usn/USN-2896-1

Copyright Copyright (C) 2016 Eero Volotinen

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.131231
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia Linux Local Check: mgasa-2016-0072
Zusammenfassung:	Mageia Linux Local Security Checks mgasa-2016-0072
Beschreibung:	Summary: Mageia Linux Local Security Checks mgasa-2016-0072 Vulnerability Insight: Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg. Solution: Update the affected packages to the latest available version. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7511 BugTraq ID: 83253 http://www.securityfocus.com/bid/83253 Debian Security Information: DSA-3474 (Google Search) http://www.debian.org/security/2016/dsa-3474 Debian Security Information: DSA-3478 (Google Search) http://www.debian.org/security/2016/dsa-3478 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/ https://security.gentoo.org/glsa/201610-04 http://www.cs.tau.ac.IL/~tromer/ecdh/ https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html SuSE Security Announcement: openSUSE-SU-2016:1227 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html http://www.ubuntu.com/usn/USN-2896-1
Copyright	Copyright (C) 2016 Eero Volotinen