|
|
Log in / Subscribe / Register

Debian alert DLA-2691-1 (libgcrypt20)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2691-1] libgcrypt20 security update


Date:
              Thu, 24 Jun 2021 22:55:50 +0000


Message-ID:
              <alpine.DEB.2.21.2106242225120.20420@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2691-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 25, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libgcrypt20
Version        : 1.7.6-2+deb9u4
CVE ID         : CVE-2021-33560


An issue has been found in libgcrypt20, a crypto library.
Mishandling of ElGamal encryption results in a possible side-channel 
attack and an interoperability problem with keys not generated by 
GnuPG/libgcrypt.


For Debian 9 stretch, this problem has been fixed in version
1.7.6-2+deb9u4.

We recommend that you upgrade your libgcrypt20 packages.

For the detailed security status of libgcrypt20 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libgcrypt20

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDVDXZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcF5RAAlPb0kR++fKd+iA8bWvonSqPVxtAx0/D2LlpW52QEgNIM7o0Y/M8lIIEh
YFRCQ4VVjgKjw/G8NfiE5l2/mUxjh9ctdUCGnBnZtnCilNNYyuDFbrRAdFN38iKU
et9zgEgnel2VAN3DK+2HwaJboahDkfNkFPtbI71wNWnRzTMzAoPnXtV4EpYLbxK1
QAfutqTNxssOyGUH1HBp5cGU7M5unfzA6GZRKRsV7Faw8TraRkEbpxNrNsubF1Zl
dKI6spK4bWYGzKrxRlpE446EYUDmS5QcMHmX0q87puGNPjQKe5kIecb6yDWa3P+m
/SS7upnMmEvyAzNynTJGFMikIZbHxcsUGmgjw0JnrxoEG+m7AqDjrKt1tpyN5D+e
z7GlEgGqeHppUE/v2Xx1ccvKktkRynuN5R14dPpl8C5ODk8OGQLMTNQw0kBmzpEn
ZNjFmmYZtJBPT2LGKg90phmVkARl7aqGXOJ7ZUFFjUPn7X29qpUI0A7zVmHcMXsd
asGDxQ7Ld3ANFCzKzwIigckyxn+QxvqupdfIw42JuRvwvZEwQXeILaG1Jlh5Os87
oDT/VSGtnO3PHJRc37fGjeOUOhYitOlvfEiI9SOCM6hYDjFPBDH70PSXRlnhsQDK
C+dVhQN2BGfwFxHvgl0OmumBhM++SqA1BLOrg43zXZuWShOA7OM=
=W1FO
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds