Summary: | <dev-libs/libgcrypt-1.6.3-r4: Two side channel attacks (CVE-{2014-3591,2015-0837}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | alonbl, bircoph, crypto+disabled, m.debruijne |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html | | |
Whiteboard: | A3 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 538488, 567382, 575672 | | |
Bug Blocks: | | | |

Description
Kristian Fiskerstrand (RETIRED)
2015-02-27 21:28:16 UTC
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

Arches and Maintainer(s), Thank you for your work.

Sadly this is not yet fixed in 1.5 branch and there are other outstanding bugs blocking removal.

I see that fix for one of them was backported last week in 1.5 branch after all

    Noteworthy changes in version 1.5.5 (2016-02-18) [C19/A8/R4]
    ------------------------------------------------

     * Mitigate chosen cipher text attacks on ECDH with Weierstrass
       curves. [CVE-2015-7511]

     * Use ciphertext blinding for Elgamal decryption. [CVE-2014-3591]

Will look into bumping later

    commit af07eccb7f03618e3ca39e525696f01222a8a009
    Author: Kristian Fiskerstrand <k_f@gentoo.org>
    Date: Sun May 22 21:41:39 2016 +0200

        dev-libs/libgcrypt: Cleanup of vulnerable 1.5 versions

        Gentoo-Bug: 541564 -- the libgcrypt 1.5 branch is EOL for security fixes YE2016, applications should migrate to 1.6 API within this time. Removal of 1.5 branch is tracked in bug 567382

        Package-Manager: portage-2.3.0_rc1

This issue was resolved and addressed in GLSA 201606-04 at https://security.gentoo.org/glsa/201606-04 by GLSA coordinator Yury German (BlueKnight)

This issue was resolved and addressed in GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04 by GLSA coordinator Kristian Fiskerstrand (K_F).