Tag Archives: libgcrypt

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/738995/rss

Security updates have been issued by Arch Linux (konversation), Debian (graphicsmagick and konversation), Fedora (git-annex, ImageMagick, kernel, and libgcrypt), Oracle (kernel), Red Hat (httpd), SUSE (firefox, nss), and Ubuntu (perl and postgresql-9.3, postgresql-9.5, postgresql-9.6).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/738473/rss

Security updates have been issued by Arch Linux (chromium, libzip, and openssl), Debian (chromium-browser, otrs2, slurm-llnl, and tomcat7), Fedora (kernel, libgcrypt, nodejs, php, poppler, qemu, rpm, and wget), openSUSE (chromium), Red Hat (chromium-browser and rhvm-appliance), SUSE (krb5 and qemu), and Ubuntu (openjdk-8).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/734142/rss

Security updates have been issued by Arch Linux (apache and ettercap), Debian (gdk-pixbuf and newsbeuter), Red Hat (kernel), Slackware (httpd, libgcrypt, and ruby), SUSE (kernel), and Ubuntu (bind9, kernel, libidn2-0, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-trusty, and linux-lts-xenial).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/734015/rss

Security updates have been issued by Arch Linux (ffmpeg, lib32-libgcrypt, libgcrypt, linux-zen, and newsbeuter), Debian (emacs25, freexl, and tomcat8), Fedora (cyrus-imapd, FlightGear, freexl, gdm, kernel, LibRaw, ruby, and xen), Gentoo (binutils, chkrootkit, curl, gdk-pixbuf, gimps, git, kpathsea, mod_gnutls, perl, squirrelmail, subversion, supervisor, and webkit-gtk), Mageia (389-ds-base, kernel, kernel-linus, kernel-tmb, and mpg123), openSUSE (ffmpeg, ffmpeg2, qemu, and xen), Slackware (kernel), SUSE (xen), and Ubuntu (gdk-pixbuf).

Security updates for Friday

Post Syndicated from ris original https://lwn.net/Articles/733829/rss

Security updates have been issued by Arch Linux (flashplugin, kernel, lib32-flashplugin, and linux-lts), CentOS (postgresql), Debian (tcpdump and wordpress-shibboleth), Fedora (lightdm, python-django, and tomcat), Mageia (flash-player-plugin and libsndfile), openSUSE (chromium, cvs, kernel, and libreoffice), Oracle (postgresql), and Ubuntu (libgcrypt20 and thunderbird).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/733389/rss

Security updates have been issued by Debian (freerdp, mbedtls, tiff, and tiff3), Fedora (chromium, krb5, libstaroffice, mbedtls, mingw-libidn2, mingw-openjpeg2, openjpeg2, and rubygems), Mageia (bzr, libarchive, libgcrypt, and tcpdump), openSUSE (gdk-pixbuf, libidn2, mpg123, postgresql94, postgresql96, and xen), Slackware (bash, mariadb, and tcpdump), and SUSE (evince and kernel).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/732396/rss

Security updates have been issued by Debian (libgcrypt20, poppler, and wordpress), Fedora (cvs, java-1.8.0-openjdk-aarch32, and postgresql), Mageia (gstreamer0.10-plugins-base, gstreamer1.0-plugins-base and libgit2), openSUSE (exim), Red Hat (instack-undercloud, openvswitch, and poppler), Scientific Linux (poppler), SUSE (kernel and quagga), and Ubuntu (linux-lts-trusty).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/728666/rss

Security updates have been issued by CentOS (graphite2 and java-1.8.0-openjdk), Debian (atril, bind9, catdoc, and qemu), Fedora (glpi, GraphicsMagick, heimdal, kernel, nodejs, perl-XML-LibXML, and qt5-qtwebengine), Gentoo (adobe-flash), Mageia (c-ares, expat, flash-player-plugin, gnutls, libgcrypt, libtiff, sane, and tnef), openSUSE (evince and xorg-x11-server), Scientific Linux (graphite2), Slackware (seamonkey), and Ubuntu (heimdal and linux-lts-trusty).

Libgcrypt 1.8.0 released

Post Syndicated from ris original https://lwn.net/Articles/728287/rss

The GnuPG Project has announced the availability of Libgcrypt 1.8.0.
This is a new stable version of Libgcrypt with full API
and ABI compatibility to the 1.7 series. Its main features are support
Blake-2, XTS mode, an improved RNG, and performance improvements for the
ARM architecture.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/728136/rss

Security updates have been issued by Arch Linux (apache, evince, and mosquitto), Debian (apache2, evince, heimdal, and knot), Fedora (c-ares, cacti, evince, GraphicsMagick, httpd, jabberd, libgcrypt, openvas-cli, openvas-gsa, openvas-libraries, openvas-manager, openvas-scanner, poppler, qt5-qtwebengine, qt5-qtwebkit, spatialite-tools, and sqlite), openSUSE (gnutls, ncurses, qemu, and xorg-x11-server), Slackware (mariadb and samba), SUSE (cryptctl), and Ubuntu (heimdal and samba).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/727485/rss

Security updates have been issued by Debian (bind9, jetty, mpg123, phpldapadmin, sqlite3, and xorg-server), Fedora (bind, bind99, dhcp, drupal7, GraphicsMagick, httpd, irssi, jetty, jetty-alpn, jetty-test-helper, libdb, libgcrypt, mosquitto, ocaml, pius, qt5-qtwebkit, tomcat, xen, and zabbix), Gentoo (feh, gajim, game-music-emu, jasper, libcroco, libsndfile, man-db, nm-applet, openslp, phpmyadmin, roundcube, virglrenderer, and vlc), openSUSE (irssi, kernel, libgcrypt, and xen), Slackware (irssi and php), and Ubuntu (poppler).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/727308/rss

Security updates have been issued by CentOS (bind and qemu-kvm), Debian (jabberd2, libclamunrar, libgcrypt11, radare2, and tiff), Fedora (bind, bind-dyndb-ldap, dnsperf, kdepim4, kf5-messagelib, kmail, and php-horde-Horde-Image), Oracle (bind and qemu-kvm), SUSE (ncurses), and Ubuntu (ntp, samba, and thunderbird).

[$] Breaking Libgcrypt RSA via a side channel

Post Syndicated from jake original https://lwn.net/Articles/727179/rss

A recent paper [PDF] by
a group of eight cryptography researchers shows, once again, how
cryptographic breakthroughs are made. They often start small, with just a
reduction in the strength of a cipher or key search space, say, but then grow
over time to reach the point of a full-on breaking of a cipher or the
implementation of one. In this case, the RSA
implementation in Libgcrypt
for 1024-bit keys has been fully broken using a side-channel
attack
against the operation of the library—2048-bit keys are also
susceptible, but not with the same reliability, at least using this exact
technique.

GnuPG Crypto Library libgcrypt Cracked Via Side-Channel

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/NsgNol1ZoHY/

Some clever boffins including Internet software pioneer djb have gotten libgcrypt cracked via a Side-Channel attack which has to do with the direction of a sliding window carried out in the library. Patches have already been released so update your Linux servers ASAP, even though honestly it seems like a fairly theoretical attack (this…

Read the full post at darknet.org.uk