Joined: 12 May 2004
|Posted: Mon Mar 16, 2020 12:26 am Post subject: [ GLSA 202003-32 ] Libgcrypt
|Gentoo Linux Security Advisory
Title: Libgcrypt: Side-channel attack (GLSA 202003-32)
A vulnerability in Libgcrypt could allow a local attacker to
recover sensitive information.
Libgcrypt is a general purpose cryptographic library derived out of
Vulnerable: < 1.8.5
Unaffected: >= 1.8.5
Architectures: All supported architectures
A timing attack was found in the way ECCDSA was implemented in
A local man-in-the-middle attacker, during signature generation, could
possibly recover the private key.
There is no known workaround at this time.
All Libgcrypt users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.8.5"