[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1405-1] libgcrypt20 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libgcrypt20
Version        : 1.6.3-2+deb8u5
CVE ID         : CVE-2018-0495

It was discovered that Libgcrypt is prone to a local side-channel attack
allowing recovery of ECDSA private keys.

For Debian 8 "Jessie", these problems have been fixed in version
1.6.3-2+deb8u5.

We recommend that you upgrade your libgcrypt20 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAls15/8ACgkQnUbEiOQ2
gwIzEBAAjF5IjFf7yX2DCfwuaISIYN0xYPcbRu7P+SfLLVK6+llipTQ7s3HYs8kz
wgCSNHT2AwPq6h0ezXog5/CmR3Ayz6lMHqtMm3/2vTx32whBnf3gzhzhXWwAniU6
9fIZWXa71PZMl46S6PT0KXpfyD9hUQqQ6EggfJBrPYp4o1YQUvB9ogeqC1kHm2I4
oN+SpClRx0BVEYi6dEWmf5HbG4VOLRHAOybq6u1ZD0gOFpnKaASBLhjx9JbnjdlF
XNcGfvSQL5RyP9H8kO3+AfeTu8S0a12QhuCkF07rVMjTkm43CG4MvnwQ81Nhr/Hy
3CsnrzKwtPJSxa/e94p+mOjRFEf0OpJYwAXl+DpOPGdwcrrMauiWOMv9TAemzxwI
1jTQOkz1lohRCpRyqZeev9wjF0B8CU8MbHXHaB8HwD6bhvSm9Fw8y9bDaPxvrCvU
NHQrSN0kYmgBmQWTG9t9+z07+915kpbI8Bhtn57C6ibgq3E4BXj2w/0urRo9bV42
YodC1qT5f/BYTXWM5U6PUYHCklXjQmcdITPbMXK0W/JhuYaqaUoQd1z8XyAC2Db4
DJP9uKydnwEsE8ZT9BgchCXGWpCjyQEI7Z96WQH9cLQKLtlPXPx3aF6BoExMzv6N
qKR2uBIHV7Vawu8sCYMDojYuXasgLOUtlfLUtwglExMMmy/6DNc=
=d+JQ
-----END PGP SIGNATURE-----


Reply to: