Mageia Linux Local Check: mgasa-2016-0072

Published: 2016-02-18 05:27:38
CVE Author: NIST National Vulnerability Database (NVD)

Technical Details:
Updated libgcrypt Linux Distribution Packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt Linux Distribution Package was also updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg.

Recommendations:
Update the affected Linux Distribution Packages to the latest available version.

Solution Type:
Vendor Patch

CVSS Base Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Detection Type:
Linux Distribution Package

Summary:
Mageia Linux Local Security Checks mgasa-2016-0072

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2015-7511

References:

https://advisories.mageia.org/MGASA-2016-0072.html

Search
Severity
Low
CVSS Score
1.9

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.