Advisories ยป MGASA-2016-0072

Updated libgcrypt packages fix security vulnerabilities

Publication date: 17 Feb 2016
Modification date: 17 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7511

Description

Updated libgcrypt packages fix security vulnerability:

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that
the ECDH secret decryption keys in applications using the libgcrypt20 library
could be leaked via a side-channel attack (CVE-2015-7511).

The libgcrypt package was also updated to include countermeasures against
Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA.
A signature verification step was updated to protect against leaks of private
keys in case of hardware faults or implementation errors in numeric
libraries.  This issue is equivalent to the CVE-2015-5738 issue in gnupg.
                

References

SRPMS

5/core