[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3478-1] libgcrypt11 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3478-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 15, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgcrypt11
CVE ID         : CVE-2015-7511

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt11 library could be leaked via a side-channel attack.

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.5.0-5+deb7u4.

We recommend that you upgrade your libgcrypt11 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWwh9bAAoJEAVMuPMTQ89ERtwP/0kJcy66nl8rTu7Y/5MnVyJi
jotYMdxZcNBqcZDKkQl8soZSzTgpYlRrnfdAZrxqr9FbHxvrA40z775hzG8fdwGx
qIljTfeE1Wk5WCqEkX/381VByIpFtE80FKPgxYjdorkWiglgRWkeOwCj875MneWB
l9mU1C2k+WCz9jXpSYzqiOECkDcMNmclPhoYZuWfkIdIg3w8Mdz1/4Uj2+jqQ/qD
6qSes8VVL7+pl947QOZ2n/daPzD3vmS1GeHNawC8NqqA5WwREcAq/QVAt8PSFPoY
Qwh6YPGiKO0L6JMKPIT2JGxaWlij2PQBeEOnemejlsF4BZsOVoCH24gmknQMCIWv
9pXmJ9VtyQjrC6knVinTwUSQMNzWZZl3zDzF0kVMGM0kIJ5key/6Ruxmc1IuqXWm
P9TMUOWARjGU9vw1IQgatSjErTl3Iti0oPasaS7P670IUZptGdqqQOMhniRDGU/c
pHEq2l1DXQY4gu7P71ZJLQBY8L4vVyhlRKS38hXL484z5Pw+bgMvn0Oh9h6lapLL
6Ffh2x9qLrTSWYY/M4cMOLwQ50D+0KHlEjA6aQDtctaYCsFcc19Sqr66uxsBUQeU
/OOA3oCdyIafaeD3ehUDpnyrhkQ0Z7D9rpkO+roQ+9H1QVYNby0XCFSbnqtjqgVt
1so9Evkrb7vVbH7B/u71
=i1hO
-----END PGP SIGNATURE-----


Reply to: