BugTraq
[SECURITY] [DSA 3474-1] libgcrypt20 security update Feb 12 2016 04:07PM
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3474-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 12, 2016 https://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : libgcrypt20
CVE ID : CVE-2015-7511

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt20 library could be leaked via a side-channel attack.

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

For the stable distribution (jessie), this problem has been fixed in
version 1.6.3-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.5-2.

We recommend that you upgrade your libgcrypt20 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWvgDSAAoJEAVMuPMTQ89EfVEQAJZ3bwB0ZO+tTUPUahth+4fn
niMtdvanTiUULdG6atiXTIh5lNrF5DrunuYnezuI/a6uwyBTbPnjDtpfVMssfOO2
qdfz2aDSnI2/cvNAYQ1W0ZOzYBM9qOhOraUliOqvFoi/cAecZGQEHyAl01VLVHPq
jb4Z8QxsS3kCoGz0wOfRCPLAlub9yhyKw3zhr4UCVNZ1eLbmP5bInzFaWO7/mfRo
0mJQo0sWBXI1lCcvKFZQHx7b6sIsv80CJ5N/+A2rjykQmM9vEHHz2IiUXf+fCqEQ
fDePCTXLNQbNBP6kS2zlQJNbon45OaY7YdjDPrPrOhrAeaSMDO3H2iFa+fiEkjmG
QDxAB86GtmUOi0Uujc/oZVIkp6b3AMhJDmflxHDn47tRVp6CEkGgvPWNurbUt6h4
BQJEMCQA2j1qVSKWS5F7SzxfuO3VU5JT10QBtMNPsb/nzT0yY3JKWoBW2eyHrpiB
h9co0xS5Z9SN+jpJJuCeK4pfrr+xwGcqSxe2hHnT6nqMlsvCEE+k/nRKOC3+03u/
zEZkcQ5qrCJ/l2zCResbeWTM+gYk+OeTkpyuaJwcp6C6mdNq69BG3LUfngP+r871
/Gr0ggtu3TBQlZ4orlSLOTOvf2pJ8pizMOTZrG2cPivTjLOGduqKrfbjxK3bo8ve
oOpgoyfI9/Ncl0qtkVPb
=CRM8
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus