UbuntuUpdates.org

Package "libgcrypt11"

Name: libgcrypt11

Description:

LGPL Crypto library - runtime library
Latest version: 1.5.0-3ubuntu0.9
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://directory.fsf.org/project/libgcrypt/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libgcrypt11"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libgcrypt11" in Precise

Repository Area Version
base main 1.5.0-3
updates main 1.5.0-3ubuntu0.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.0-3ubuntu0.9 2021-05-03 14:07:15 UTC

  libgcrypt11 (1.5.0-3ubuntu0.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627.patch: add mitigation against timing
      attack in cipher/ecc.c, mpi/ec.c.
    - CVE-2019-13627

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 28 Jan 2020 11:54:33 -0300
Source diff to previous version
CVE-2019-13627 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3

Version: 1.5.0-3ubuntu0.6 2016-08-18 20:07:00 UTC

  libgcrypt11 (1.5.0-3ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
      random mixing in random/random-csprng.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in random/random-csprng.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:41:27 -0400
Source diff to previous version

Version: 1.5.0-3ubuntu0.5 2016-02-15 19:06:58 UTC

  libgcrypt11 (1.5.0-3ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDH
    - debian/patches/CVE-2015-7511.patch: perform input validation in
      cipher/ecc.c, src/mpi.h, use constant-time multiplication in
      mpi/ec.c.
    - CVE-2015-7511
  * debian/patches/fix_ec_point_addition.patch: fix addition of EC points
    in mpi/ec.c.

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2016 11:12:46 -0500
Source diff to previous version

Version: 1.5.0-3ubuntu0.4 2015-04-01 14:06:51 UTC

  libgcrypt11 (1.5.0-3ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.patch: avoid timing variations in
      mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
    - CVE-2015-0837
 -- Marc Deslauriers <email address hidden> Thu, 26 Mar 2015 08:51:49 -0400
Source diff to previous version
CVE-2014-3591 sidechannel attack on Elgamal
CVE-2015-0837 data-dependent timing variations in modular exponentiation

Version: 1.5.0-3ubuntu0.3 2014-09-03 19:06:38 UTC

  libgcrypt11 (1.5.0-3ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
    - debian/patches/add_gcry_divide_by_zero.patch: replace deliberate
      division by zero with new _gcry_divide_by_zero().
    - debian/patches/CVE-2014-5270.patch: use sliding window method for
      exponentiation algorithm in mpi/mpi-pow.c.
    - CVE-2014-5270
 -- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 09:09:17 -0400
CVE-2014-5270 side-channel attack on Elgamal encryption subkeys


About   -   Send Feedback to @ubuntu_updates