UbuntuUpdates.org

Package "libgcrypt20"

Name: libgcrypt20

Description:

LGPL Crypto library - runtime library

Latest version: 1.6.5-2ubuntu0.5
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://directory.fsf.org/project/libgcrypt/

Other versions of "libgcrypt20" in Xenial

Repository  Area  Version
base        main  1.6.5-2
security    main  1.6.5-2ubuntu0.5


Changelog

Version: 1.6.5-2ubuntu0.5 2018-06-19 17:06:53 UTC

  libgcrypt20 (1.6.5-2ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc-ecdsa.c.
    - CVE-2018-0495

 -- Marc Deslauriers <email address hidden> Mon, 18 Jun 2018 09:30:10 -0400

CVE-2018-0495 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of

Version: 1.6.5-2ubuntu0.4 2018-03-12 12:06:49 UTC

  libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium

  * Disable the library reading /proc/sys/crypto/fips_enabled file
    and going into FIPS mode. This fixes a hang on boot when using a
    FIPS-enabled kernel with encrypted installations (LP: #1748310)
    - debian/patches/disable_fips_enabled_read.patch

 -- Vineetha Pai <email address hidden> Fri, 16 Feb 2018 13:31:19 -0500

1748310 [SRU][xenial]boot stalls looking for entropy in FIPS mode

Version: 1.6.5-2ubuntu0.3 2017-07-03 20:06:29 UTC

  libgcrypt20 (1.6.5-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers <email address hidden> Mon, 03 Jul 2017 08:16:37 -0400

CVE-2017-7526 Use of left-to-right sliding window method allows full RSA key recovery
CVE-2017-9526 In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover

Version: 1.6.5-2ubuntu0.2 2016-08-18 21:07:14 UTC

  libgcrypt20 (1.6.5-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
      random mixing in random/random-csprng.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in random/random-csprng.c.
    - CVE-2016-6313
  * debian/rules: disable unaligned memory access on arm to fix FTBFS.

 -- Marc Deslauriers <email address hidden> Thu, 18 Aug 2016 13:15:16 -0400



