Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0072)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131231

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0072)

Resumen: The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2016-0072 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2016-0072 advisory.

Vulnerability Insight:
Updated libgcrypt packages fix security vulnerability:

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that
the ECDH secret decryption keys in applications using the libgcrypt20 library
could be leaked via a side-channel attack (CVE-2015-7511).

The libgcrypt package was also updated to include countermeasures against
Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA.
A signature verification step was updated to protect against leaks of private
keys in case of hardware faults or implementation errors in numeric
libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg.

Affected Software/OS:
'libgcrypt' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7511
BugTraq ID: 83253
http://www.securityfocus.com/bid/83253
Debian Security Information: DSA-3474 (Google Search)
http://www.debian.org/security/2016/dsa-3474
Debian Security Information: DSA-3478 (Google Search)
http://www.debian.org/security/2016/dsa-3478
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/
https://security.gentoo.org/glsa/201610-04
http://www.cs.tau.ac.IL/~tromer/ecdh/
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
SuSE Security Announcement: openSUSE-SU-2016:1227 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html
http://www.ubuntu.com/usn/USN-2896-1

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131231
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0072)
Resumen:	The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2016-0072 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2016-0072 advisory. Vulnerability Insight: Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg. Affected Software/OS: 'libgcrypt' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7511 BugTraq ID: 83253 http://www.securityfocus.com/bid/83253 Debian Security Information: DSA-3474 (Google Search) http://www.debian.org/security/2016/dsa-3474 Debian Security Information: DSA-3478 (Google Search) http://www.debian.org/security/2016/dsa-3478 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/ https://security.gentoo.org/glsa/201610-04 http://www.cs.tau.ac.IL/~tromer/ecdh/ https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html SuSE Security Announcement: openSUSE-SU-2016:1227 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html http://www.ubuntu.com/usn/USN-2896-1
Copyright	Copyright (C) 2016 Greenbone AG