UbuntuUpdates.org

Package "libgcrypt20"

Name: libgcrypt20

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • LGPL Crypto library - Windows development

Latest version: 1.8.7-2ubuntu2.1
Release: hirsute (21.04)
Level: updates
Repository: universe

Links



Other versions of "libgcrypt20" in Hirsute

Repository Area Version
base main 1.8.7-2ubuntu2
base universe 1.8.7-2ubuntu2
security main 1.8.7-2ubuntu2.1
security universe 1.8.7-2ubuntu2.1
updates main 1.8.7-2ubuntu2.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.8.7-2ubuntu2.1 2021-09-16 13:06:27 UTC

  libgcrypt20 (1.8.7-2ubuntu2.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:30:44 -0400

CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack again
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cer



About   -   Send Feedback to @ubuntu_updates