[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 93-1] libgcrypt11 security update



Package        : libgcrypt11
Version        : 1.4.5-2+squeeze2
CVE ID         : CVE-2014-5270

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal
encryption subkeys in applications using the libgcrypt11 library, for
example GnuPG 2.x, could be leaked via a side-channel attack (see
http://www.cs.tau.ac.il/~tromer/handsoff/).

This is fixed in Squeeze in version 1.4.5-2+squeeze2.

We recommend that you upgrade your libgcrypt11 packages.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature


Reply to: