Fedora alert FEDORA-2015-3489 (libgcrypt)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 21 Update: libgcrypt-1.6.3-1.fc21 | |
| Date: | Wed, 18 Mar 2015 10:23:58 +0000 | |
| Message-ID: | <20150318102358.3A85C6087E0B@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-3489 2015-03-09 04:43:33 -------------------------------------------------------------------------------- Name : libgcrypt Product : Fedora 21 Version : 1.6.3 Release : 1.fc21 URL : http://www.gnupg.org/ Summary : A general-purpose cryptography library Description : Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. -------------------------------------------------------------------------------- Update Information: New upstream release fixing two minor security issues. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 6 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-1 - new upstream version * Wed Feb 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.2-4 - do not initialize secure memory during the selftest (#1195850) * Sat Feb 21 2015 Till Maas <opensource@till.name> - 1.6.2-3 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_package... * Wed Jan 14 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.2-2 - fix buildability of programs using gcrypt.h with -ansi (#1182200) * Mon Dec 8 2014 Tomáš Mráz <tmraz@redhat.com> 1.6.2-1 - new upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1198145 - CVE-2014-3591 libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack) https://bugzilla.redhat.com/show_bug.cgi?id=1198145 [ 2 ] Bug #1198147 - CVE-2015-0837 libgcrypt: last-level cache side-channel attack https://bugzilla.redhat.com/show_bug.cgi?id=1198147 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libgcrypt' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...