FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e1c71d8d-64d9-11e6-b38a-25a46b33f2edgnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.


Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30
gnupg1
< 1.4.21

libgcrypt
< 1.7.3

linux-c6-libgcrypt
< 1.4.5_4

linux-c7-libgcrypt
< 1.5.3_1

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6313
9b5162de-6f39-11e8-818e-e8e0b747a45alibgcrypt -- side-channel attack vulnerability

GnuPG reports:

Mitigate a local side-channel attack on ECDSA signature as described in the white paper "Return on the Hidden Number Problem".


Discovery 2018-06-13
Entry 2018-06-13
Modified 2018-06-14
libgcrypt
< 1.8.3

CVE-2018-0495
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt
689c2bf7-0701-11e3-9a25-002590860428GnuPG and Libgcrypt -- side-channel attack vulnerability

Werner Koch of the GNU project reports:

Noteworthy changes in version 1.5.3:

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in the just released GnuPG 1.4.14.


Discovery 2013-07-18
Entry 2013-08-17
libgcrypt
< 1.5.3

linux-f10-libgcrypt
< 1.5.3

CVE-2013-4242
http://eprint.iacr.org/2013/448
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
c9c6c2f8-cd54-11e9-af89-080027ef1a23libgcrypt -- ECDSA timing attack

GnuPG reports:

Mitigate an ECDSA timing attack.


Discovery 2019-08-29
Entry 2019-09-02
libgcrypt
< 1.8.5

CVE-2019-13627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627
22f28bb3-8d98-11e7-8c37-e8e0b747a45alibgcrypt -- side-channel attack vulnerability

GnuPG reports:

Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You".


Discovery 2017-08-27
Entry 2017-08-30
libgcrypt
< 1.8.1

CVE-2017-0379
https://eprint.iacr.org/2017/806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
ed3bf433-5d92-11e7-aa14-e8e0b747a45alibgcrypt -- side-channel attack on RSA secret keys

GnuPG reports:

Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster".


Discovery 2017-06-29
Entry 2017-06-30
libgcrypt
< 1.7.8

CVE-2017-7526
https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
95b92e3b-d451-11e5-9794-e8e0b747a45alibgcrypt -- side-channel attack on ECDH

GnuPG reports:

Mitigate side-channel attack on ECDH with Weierstrass curves.


Discovery 2016-02-09
Entry 2016-02-16
libgcrypt
< 1.6.5

CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html