Advisories ยป MGASA-2021-0294

Updated libgcrypt packages fix a security vulnerability

Publication date: 28 Jun 2021
Modification date: 28 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-33560

Description

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption
because it lacks exponent blinding to address a side-channel attack against
mpi_powm, and the window size is not chosen appropriately (CVE-2021-33560).
                

References

SRPMS

7/core

8/core