[SECURITY] [DLA 190-1] libgcrypt11 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 190-1] libgcrypt11 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 9 Apr 2015 12:44:31 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1504091242550.10352@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libgcrypt11
Version        : 1.4.5-2+squeeze3
CVE ID         : CVE-2014-3591 CVE-2015-0837

Multiple vulnerabilities were discovered in libgcrypt:

CVE-2014-3591

    The Elgamal decryption routine was susceptible to a side-channel
    attack discovered by researchers of Tel Aviv University. Ciphertext
    blinding was enabled to counteract it. Note that this may have a
    quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

    The modular exponentiation routine mpi_powm() was susceptible to a
    side-channel attack caused by data-dependent timing variations when
    accessing its internal pre-computed table.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVJlgPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH5XwP/iJgh6Lkhh+SfUNRWDgRQli5
mIfKpQB6+rjFb8kVNKRxKBYeuykjMiOz7ldN5pTeJhFsdTJnHHYDORL42+2f6AN6
W5uj5lBkc6dpsyhCoL93wHPRKYbgMtH4P2n4PPgtjhyblR7ZB2C66dO4ylVzQU6J
WrWPvZWG48eS07jP35AB3aPMbZu//2DxNdQWdJvdGRsvRSwFNMhfcOT+ElgDFC7G
iPP1+GKDHqbWNByGuVqEM9cDvuuEs6ZHclPAFmU2Z8gXoFRHVUzbJxiroRimEeWT
ZkhT5QU3WhnXntSQlTZm8QJC5rQ5/K3mZeIdRosoINY1ysn4nDnxOuwYcijpxKZL
JDgJ5APTdCo+dp2G98WY+dz0bpS3Nj52hm5zNyZynYskaYFf/s0ByVXiYpx5f51N
CiVqU0zclpwQATuCTRFaXYo56EEdPeTtmuV1IA12FpNLWJCf0R0FWe4R1lrU1bey
VXcj/cPWhd68W2ijx35VisWc7pbDl5hUerWyYX0srF4emketeVkgnINzUc305UTg
r0jOCbWewKMRioxcpUhMHWfgeu/OI+U/msWSaXLo/crinP7s/wcrWM1I+ptdWCFN
N+NC55jQsXkk/5cY9tC2lcsjTZcmeITI8E/TrBVBpuJ8zPKJRmCU6zTsWZUvUu6v
jJouSR218/kthIHfRbxn
=9vsa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 189-1] libgd2 security update
Next by Date: [SECURITY] [DLA 191-1] checkpw security update
Previous by thread: [SECURITY] [DLA 189-1] libgd2 security update
Next by thread: [SECURITY] [DLA 191-1] checkpw security update
Index(es):
- Date
- Thread