Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
98
security advisorymoderateRed HatRed Hat Enterprise Linux 8: RHSA-2022-5311 Moderate: libgcrypt ElGamal Risk
An update for libgcrypt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libgcrypt security update Advisory ID: RHSA-2022:5311-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5311 Issue date: 2022-06-28 CVE Names: CVE-2021-40528 ==================================================================== 1. Summary: An update for libgcrypt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es): * libgcrypt: ElGamal implementation allows plaintext recovery (CVE-2021-40528) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2002816 - CVE-2021-40528 libgcrypt: ElGamal implementation allows plaintext recovery 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: libgcrypt-1.8.5-7.el8_6.src.rpm aarch64: libgcrypt-1.8.5-7.el8_6.aarch64.rpm libgcrypt-debuginfo-1.8.5-7.el8_6.aarch64.rpm libgcrypt-debugsource-1.8.5-7.el8_6.aarch64.rpm libgcrypt-devel-1.8.5-7.el8_6.aarch64.rpm libgcrypt-devel-debuginfo-1.8.5-7.el8_6.aarch64.rpm ppc64le: libgcrypt-1.8.5-7.el8_6.ppc64le.rpm libgcrypt-debuginfo-1.8.5-7.el8_6.ppc64le.rpm libgcrypt-debugsource-1.8.5-7.el8_6.ppc64le.rpm libgcrypt-devel-1.8.5-7.el8_6.ppc64le.rpm libgcrypt-devel-debuginfo-1.8.5-7.el8_6.ppc64le.rpm s390x: libgcrypt-1.8.5-7.el8_6.s390x.rpm libgcrypt-debuginfo-1.8.5-7.el8_6.s390x.rpm libgcrypt-debugsource-1.8.5-7.el8_6.s390x.rpm libgcrypt-devel-1.8.5-7.el8_6.s390x.rpm libgcrypt-devel-debuginfo-1.8.5-7.el8_6.s390x.rpm x86_64: libgcrypt-1.8.5-7.el8_6.i686.rpm libgcrypt-1.8.5-7.el8_6.x86_64.rpm libgcrypt-debuginfo-1.8.5-7.el8_6.i686.rpm libgcrypt-debuginfo-1.8.5-7.el8_6.x86_64.rpm libgcrypt-debugsource-1.8.5-7.el8_6.i686.rpm libgcrypt-debugsource-1.8.5-7.el8_6.x86_64.rpm libgcrypt-devel-1.8.5-7.el8_6.i686.rpm libgcrypt-devel-1.8.5-7.el8_6.x86_64.rpm libgcrypt-devel-debuginfo-1.8.5-7.el8_6.i686.rpm libgcrypt-devel-debuginfo-1.8.5-7.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYr5BQtzjgjWX9erEAQjA5g/9Hd2HgnMhl/37QqAX0oiGwygJRmcpt0lc YwCbjZmqvyO5wBOW4kJlO4YuMXB9Dw6sxOjyUSsA0qOZaFXK88KxwlsP8kZP9aJY 8YaphVoAbg3JgeZ8b4W3qL12JtjXAjYEXCUjuDj67UslZ7xnba719z8wsD/pmcRk tHUme1BPaMZDmgL0o65KyRwfvZ7m7wBvVuWL6eXE2AiV1hZc6ADYVXaUmVRIPair 0v7DgKjiN+x0fOBNjmpSI733OBUyOIff0TEgzAgoYslGPSixYb2ulGMl4PBLv8+u dcodPaq9CGIVnGbXgByMVf0adqx2z+87Nm/sIpHchWHVlMcD8ZRtftiXEEh8ksep Szq/hxBRY2p4Pb9Sv0FLt+dxRTAd+CUafYtd/IXzPLzAQV2sXH3Rq9BtDSniMCMD HqYRWa1O1lB9UfCRdhvS0xDwdaRJscLojZPbhkKCxtkV36CtfYj0BHQFOkV9qh75 22za2xZ9+IBurBZXM+yRymkrh4mFTbXjqmtZewP9/tpGcQB28pTB5fSKoR6+0goH GozR7ijcDzBrgfZ1hJ5yLRZ10uiLLryMveD8CWAkaS6RwPppn3cwGwlxPZfvRshY 7uuSptSb0Qpu1tD4kAtHjD/AbxBsghA8PG6CGw1Zg9D6QPr0ot/9AkFvDncI7PeF b43FJio26lo=EfsV -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 30, 2022 Red Hat 203
security advisorycritical issueupdateMageia 8 MGASA-2021-0563 Critical: Botan2 Plaintext Recovery Issue
Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the . MGASA-2021-0563 - Updated botan2 packages fix security vulnerability Publication date: 19 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0563.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-40529 Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP (CVE-2021-40529). References: - https://bugs.mageia.org/show_bug.cgi?id=29659 - https://www.cve.org/CVERecord?id=CVE-2021-40529 SRPMS: - 8/core/botan2-2.17.3-2.1.mga8 . The latest botan2 updates rectify a vulnerability in the ElGamal algorithm, which permitted the extraction of plaintext in Mageia systems.. Botan2 Security Update, Mageia Advisory, ElGamal Vulnerability, Crypto Package Update. . Severity: Critical. LinuxSecurity.com Team
Dec 19, 2021 •Critical Mageia 
89
security advisorysecurity issueFedoraCritical Advisory for Fedora 34: CVE-2021-40529 Plaintext Recovery Risk
Security fix for CVE-2021-40529. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-8d51cac49f 2021-11-16 15:40:24.255692 --------------------------------------------------------------------------------Name : botan2 Product : Fedora 34 Version : 2.17.3 Release : 4.fc34 URL : https://botan.randombit.net/ Summary : Crypto and TLS for C++11 Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-40529 --------------------------------------------------------------------------------ChangeLog: * Sun Nov 7 2021 Ben Kircher - 2.17.3-4 - Backport patch for #2002827 (Fix short exponents with ElGamal) from 2.18.2 --------------------------------------------------------------------------------References: [ 1 ] Bug #2002825 - CVE-2021-40529 botan: ElGamal implementation allows plaintext recovery https://bugzilla.redhat.com/show_bug.cgi?id=2002825 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-8d51cac49f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 16, 2021 •Critical Fedora 203
security advisorycriticalplaintext recoveryMageia 8 - MGASA-2021-0446 Critical: Libgcrypt Plaintext Threat
The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's . MGASA-2021-0446 - Updated libgcrypt packages fix security vulnerability Publication date: 29 Sep 2021 URL: https://advisories.mageia.org/MGASA-2021-0446.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-40528 The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP (CVE-2021-40528). References: - https://bugs.mageia.org/show_bug.cgi?id=29467 - https://ubuntu.com/security/notices/USN-5080-1 - https://www.cve.org/CVERecord?id=CVE-2021-40528 SRPMS: - 8/core/libgcrypt-1.8.7-1.2.mga8 . Mageia issues vital libgcrypt patch addressing plaintext leakage flaw revealed by encryption libraries.. Libgcrypt Update, Mageia Security Advisory, Cryptographic Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Sep 29, 2021 •Critical Mageia 203
security advisorysecurity issuelocal attackMageia 6: MGASA-2019-0027 Critical: Mbedtls Plaintext Recovery
A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites (CVE-2018-19608). References: . MGASA-2019-0027 - Updated mbedtls packages fix security vulnerability Publication date: 10 Jan 2019 URL: https://advisories.mageia.org/MGASA-2019-0027.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-19608 A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites (CVE-2018-19608). References: - https://bugs.mageia.org/show_bug.cgi?id=24064 - - https://www.trustedfirmware.org/projects/mbed-tls/ - https://www.trustedfirmware.org/projects/mbed-tls/ - https://lists.fedoraproject.org/archives/list/
Jan 10, 2019 •Critical Mageia 87
security advisorycritical issuedebianUbuntu: USN-4497-1 Critical: Vulnerabilities in Libcurl Detected
Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4296-1
Sep 16, 2018 •Critical Debian 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!