USN-2555-1: Libgcrypt vulnerabilities
1 April 2015
Several security issues were fixed in Libgcrypt.
Releases
Packages
- libgcrypt11 - LGPL Crypto library
- libgcrypt20 - LGPL Crypto library
Details
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that Libgcrypt was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)
Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-2554-1: gnupg2, gpgsm, gpgv2, scdaemon, gnupg-agent, gpgv-udeb, gnupg-udeb, gnupg-curl, gpgv, gnupg