|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-190-1 (libgcrypt11)



From:
    	      Thorsten Alteholz <debian@alteholz.de> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 190-1] libgcrypt11 security update 


Date:
    	      Thu, 9 Apr 2015 12:44:31 +0200 (CEST)


Message-ID:
    	      <alpine.DEB.2.02.1504091242550.10352@jupiter.server.alteholz.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libgcrypt11
Version        : 1.4.5-2+squeeze3
CVE ID         : CVE-2014-3591 CVE-2015-0837

Multiple vulnerabilities were discovered in libgcrypt:

CVE-2014-3591

     The Elgamal decryption routine was susceptible to a side-channel
     attack discovered by researchers of Tel Aviv University. Ciphertext
     blinding was enabled to counteract it. Note that this may have a
     quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

     The modular exponentiation routine mpi_powm() was susceptible to a
     side-channel attack caused by data-dependent timing variations when
     accessing its internal pre-computed table.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVJlgPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH5XwP/iJgh6Lkhh+SfUNRWDgRQli5
mIfKpQB6+rjFb8kVNKRxKBYeuykjMiOz7ldN5pTeJhFsdTJnHHYDORL42+2f6AN6
W5uj5lBkc6dpsyhCoL93wHPRKYbgMtH4P2n4PPgtjhyblR7ZB2C66dO4ylVzQU6J
WrWPvZWG48eS07jP35AB3aPMbZu//2DxNdQWdJvdGRsvRSwFNMhfcOT+ElgDFC7G
iPP1+GKDHqbWNByGuVqEM9cDvuuEs6ZHclPAFmU2Z8gXoFRHVUzbJxiroRimEeWT
ZkhT5QU3WhnXntSQlTZm8QJC5rQ5/K3mZeIdRosoINY1ysn4nDnxOuwYcijpxKZL
JDgJ5APTdCo+dp2G98WY+dz0bpS3Nj52hm5zNyZynYskaYFf/s0ByVXiYpx5f51N
CiVqU0zclpwQATuCTRFaXYo56EEdPeTtmuV1IA12FpNLWJCf0R0FWe4R1lrU1bey
VXcj/cPWhd68W2ijx35VisWc7pbDl5hUerWyYX0srF4emketeVkgnINzUc305UTg
r0jOCbWewKMRioxcpUhMHWfgeu/OI+U/msWSaXLo/crinP7s/wcrWM1I+ptdWCFN
N+NC55jQsXkk/5cY9tC2lcsjTZcmeITI8E/TrBVBpuJ8zPKJRmCU6zTsWZUvUu6v
jJouSR218/kthIHfRbxn
=9vsa
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/alpine.DEB.2.02.1504091242550.10...
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds