Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0306)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0306

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0306)

Resumen: The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2018-0306 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2018-0306 advisory.

Vulnerability Insight:
Updated libgcrypt packages fix security vulnerability:

When libgcrypt uses the private key to create a signature, such as for a TLS or
SSH connection, it inadvertently leaks information through memory caches. An
unprivileged attacker running on the same machine can collect the information
from a few thousand signatures and recover the value of the private ECDSA or
DSA key (CVE-2018-0495).

Affected Software/OS:
'libgcrypt' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-0495
Debian Security Information: DSA-4231 (Google Search)
https://www.debian.org/security/2018/dsa-4231
https://dev.gnupg.org/T4011
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html
RedHat Security Advisories: RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:1543
RedHat Security Advisories: RHSA-2019:2237
https://access.redhat.com/errata/RHSA-2019:2237
http://www.securitytracker.com/id/1041144
http://www.securitytracker.com/id/1041147
https://usn.ubuntu.com/3689-1/
https://usn.ubuntu.com/3689-2/
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/
https://usn.ubuntu.com/3850-1/
https://usn.ubuntu.com/3850-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0306
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0306)
Resumen:	The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2018-0306 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libgcrypt' package(s) announced via the MGASA-2018-0306 advisory. Vulnerability Insight: Updated libgcrypt packages fix security vulnerability: When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private ECDSA or DSA key (CVE-2018-0495). Affected Software/OS: 'libgcrypt' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0495 Debian Security Information: DSA-4231 (Google Search) https://www.debian.org/security/2018/dsa-4231 https://dev.gnupg.org/T4011 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965 https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 RedHat Security Advisories: RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1296 RedHat Security Advisories: RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1297 RedHat Security Advisories: RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543 RedHat Security Advisories: RHSA-2019:2237 https://access.redhat.com/errata/RHSA-2019:2237 http://www.securitytracker.com/id/1041144 http://www.securitytracker.com/id/1041147 https://usn.ubuntu.com/3689-1/ https://usn.ubuntu.com/3689-2/ https://usn.ubuntu.com/3692-1/ https://usn.ubuntu.com/3692-2/ https://usn.ubuntu.com/3850-1/ https://usn.ubuntu.com/3850-2/
Copyright	Copyright (C) 2022 Greenbone AG