diff options
| author | cpm <cpm@FreeBSD.org> | 2018-06-14 02:51:55 +0800 |
|---|---|---|
| committer | cpm <cpm@FreeBSD.org> | 2018-06-14 02:51:55 +0800 |
| commit | 66abec89a0afadabe8f8e5da3ad153a279d91f46 (patch) | |
| tree | ddad2724a18b8ee363e1afbb508099529c3111a9 /security | |
| parent | d9645f45532985576a3f9884b7674daf35aeedcd (diff) | |
| download | freebsd-ports-gnome-66abec89a0afadabe8f8e5da3ad153a279d91f46.tar.gz freebsd-ports-gnome-66abec89a0afadabe8f8e5da3ad153a279d91f46.tar.zst freebsd-ports-gnome-66abec89a0afadabe8f8e5da3ad153a279d91f46.zip | |
Document libgcrypt side-channel attack vulnerability
Security: CVE-2018-0495
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a05b64dcb7e7..8656beacd779 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,33 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9b5162de-6f39-11e8-818e-e8e0b747a45a"> + <topic>libgcrypt -- side-channel attack vulnerability</topic> + <affects> + <package> + <name>libgcrypt</name> + <range><lt>1.8.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GnuPG reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495"> + <p>Mitigate a local side-channel attack on ECDSA signature as described in the white paper "Return on the Hidden Number Problem".</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-0495</cvename> + <url>https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/</url> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495</url> + </references> + <dates> + <discovery>2018-06-13</discovery> + <entry>2018-06-13</entry> + </dates> + </vuln> + <vuln vid="c82ecac5-6e3f-11e8-8777-b499baebfeaf"> <topic>OpenSSL -- Client DoS due to large DH parameter</topic> <affects> |