Mageia alert MGASA-2017-0213 (libgcrypt)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2017-0213: Updated libgcrypt packages fix security vulnerability 
Date:
    	       Sat, 22 Jul 2017 11:36:57 +0200
Message-ID:
    	       <20170722093657.CF93E9F875@duvel.mageia.org>
MGASA-2017-0213 - Updated libgcrypt packages fix security vulnerability

Publication date: 22 Jul 2017
URL: http://advisories.mageia.org/MGASA-2017-0213.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-7526

Description:
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and
Yuval Yarom discovered that Libgcrypt was susceptible to an attack via
side channels. A local attacker could use this attack to recover RSA
private keys (CVE-2017-7526).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21178
- https://www.ubuntu.com/usn/usn-3347-1/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526

SRPMS:
- 5/core/libgcrypt-1.5.4-5.4.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2017-0213: Updated libgcrypt packages fix security vulnerability
Date:		Sat, 22 Jul 2017 11:36:57 +0200
Message-ID:		<20170722093657.CF93E9F875@duvel.mageia.org>