Advisories » MGASA-2017-0213

Updated libgcrypt packages fix security vulnerability

Publication date: 22 Jul 2017
Modification date: 22 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7526

Description

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and
Yuval Yarom discovered that Libgcrypt was susceptible to an attack via
side channels. A local attacker could use this attack to recover RSA
private keys (CVE-2017-7526).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21178
• https://www.ubuntu.com/usn/usn-3347-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526

SRPMS

5/core

• libgcrypt-1.5.4-5.4.mga5