Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2695)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.2695

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2695)

Summary: The remote host is missing an update for the Huawei EulerOS 'libgcrypt' package(s) announced via the EulerOS-SA-2019-2695 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'libgcrypt' package(s) announced via the EulerOS-SA-2019-2695 advisory.

Vulnerability Insight:
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.(CVE-2014-3591)

Affected Software/OS:
'libgcrypt' package(s) on Huawei EulerOS V2.0SP5.

Solution:
Please install the updated package(s).

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3591
http://www.cs.tau.ac.il/~tromer/radioexp/
http://www.debian.org/security/2015/dsa-3184
http://www.debian.org/security/2015/dsa-3185
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html

Copyright Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.2695
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2695)
Summary:	The remote host is missing an update for the Huawei EulerOS 'libgcrypt' package(s) announced via the EulerOS-SA-2019-2695 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'libgcrypt' package(s) announced via the EulerOS-SA-2019-2695 advisory. Vulnerability Insight: Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.(CVE-2014-3591) Affected Software/OS: 'libgcrypt' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3591 http://www.cs.tau.ac.il/~tromer/radioexp/ http://www.debian.org/security/2015/dsa-3184 http://www.debian.org/security/2015/dsa-3185 https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
Copyright	Copyright (C) 2020 Greenbone AG