rpm package
suse/libgcrypt&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13627 | — | < 1.6.1-16.68.1 | 1.6.1-16.68.1 | Sep 25, 2019 | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | ||
| CVE-2016-6313 | Med | 5.3 | < 1.6.1-16.33.1 | 1.6.1-16.33.1 | Dec 13, 2016 | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | |
| CVE-2015-7511 | Low | 2.0 | < 1.6.1-16.27.1 | 1.6.1-16.27.1 | Apr 19, 2016 | Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. |
- CVE-2019-13627Sep 25, 2019affected < 1.6.1-16.68.1fixed 1.6.1-16.68.1
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
- affected < 1.6.1-16.33.1fixed 1.6.1-16.33.1
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- affected < 1.6.1-16.27.1fixed 1.6.1-16.27.1
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.