FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  458952
Date:      2018-01-14
Time:      02:19:47Z
Committer: woodsb02

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
80771b89-f57b-11e2-bf21-b499baab0cbegnupg -- side channel attack on RSA secret keys

A Yarom and Falkner paper reports:

Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM.

Discovery 2013-07-18
Entry 2013-07-25
Modified 2013-07-26
lt 1.4.14
2e5715f8-67f7-11e3-9811-b499baab0cbegnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Werner Koch reports:

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine. We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon. While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit. A 4096 bit RSA key used on a laptop can be revealed within an hour.

Discovery 2013-12-18
Entry 2013-12-18
Modified 2014-04-30
lt 1.4.16

lt 1.4.16

749b5587-2da1-11e3-b1a9-b499baab0cbegnupg -- possible infinite recursion in the compressed packet parser

Werner Koch reports:

Special crafted input data may be used to cause a denial of service against GPG (GnuPG's OpenPGP part) and some other OpenPGP implementations. All systems using GPG to process incoming data are affected..

Discovery 2013-10-05
Entry 2013-10-05
lt 1.4.15

ge 2.0.0 lt 2.0.22

e1c71d8d-64d9-11e6-b38a-25a46b33f2edgnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.

Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30
lt 1.4.21

lt 1.7.3

lt 1.4.5_4

lt 1.5.3_1
1c840eb9-fb32-11e3-866e-b499baab0cbegnupg -- possible DoS using garbled compressed data packets

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.

Discovery 2014-06-23
Entry 2014-06-23
lt 1.4.17

lt 2.0.24