UbuntuUpdates.org

Package "libgcrypt11"

Name: libgcrypt11

Description:

LGPL Crypto library - runtime library

Latest version: 1.5.3-2ubuntu4.6
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://directory.fsf.org/project/libgcrypt/

Links

Save this URL for the latest version of "libgcrypt11": https://www.ubuntuupdates.org/libgcrypt11


Download "libgcrypt11"


Other versions of "libgcrypt11" in Trusty

Repository Area Version
base main 1.5.3-2ubuntu4
updates main 1.5.3-2ubuntu4.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.3-2ubuntu4.6 2018-06-19 16:06:54 UTC

  libgcrypt11 (1.5.3-2ubuntu4.6) trusty-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc.
    - CVE-2018-0495

 -- Marc Deslauriers <email address hidden> Mon, 18 Jun 2018 09:40:59 -0400

Source diff to previous version
CVE-2018-0495 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of

Version: 1.5.3-2ubuntu4.5 2017-07-03 19:06:31 UTC

  libgcrypt11 (1.5.3-2ubuntu4.5) trusty-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526

 -- Marc Deslauriers <email address hidden> Mon, 03 Jul 2017 08:21:32 -0400

Source diff to previous version
CVE-2017-7526 Use of left-to-right sliding window method allows full RSA key recovery

Version: 1.5.3-2ubuntu4.4 2016-08-18 20:07:01 UTC

  libgcrypt11 (1.5.3-2ubuntu4.4) trusty-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
      random mixing in random/random-csprng.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in random/random-csprng.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:39:25 -0400

Source diff to previous version

Version: 1.5.3-2ubuntu4.3 2016-02-15 19:07:00 UTC

  libgcrypt11 (1.5.3-2ubuntu4.3) trusty-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDH
    - debian/patches/CVE-2015-7511.patch: perform input validation in
      cipher/ecc.c, src/mpi.h, use constant-time multiplication in
      mpi/ec.c.
    - CVE-2015-7511

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2016 11:03:08 -0500

Source diff to previous version

Version: 1.5.3-2ubuntu4.2 2015-04-01 14:06:57 UTC

  libgcrypt11 (1.5.3-2ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.patch: avoid timing variations in
      mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
    - CVE-2015-0837
 -- Marc Deslauriers <email address hidden> Thu, 26 Mar 2015 08:18:00 -0400

CVE-2014-3591 sidechannel attack on Elgamal
CVE-2015-0837 data-dependent timing variations in modular exponentiation



About   -   Send Feedback to @ubuntu_updates