UbuntuUpdates.org

Package "libgcrypt20-dev"

Name: libgcrypt20-dev

Description:

LGPL Crypto library - development files

Latest version: 1.8.5-5ubuntu1.1
Release: focal (20.04)
Level: security
Repository: main
Head package: libgcrypt20
Homepage: https://directory.fsf.org/project/libgcrypt/

Links


Download "libgcrypt20-dev"


Other versions of "libgcrypt20-dev" in Focal

Repository Area Version
base main 1.8.5-5ubuntu1
updates main 1.8.5-5ubuntu1.1

Changelog

Version: 1.8.5-5ubuntu1.1 2021-09-16 12:06:18 UTC

  libgcrypt20 (1.8.5-5ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:36:24 -0400

CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack again
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cer



About   -   Send Feedback to @ubuntu_updates