Joined: 12 May 2004
|Posted: Fri Aug 29, 2014 11:26 am Post subject: [ GLSA 201408-10 ] Libgcrypt: Side-channel attack
|Gentoo Linux Security Advisory
Title: Libgcrypt: Side-channel attack (GLSA 201408-10)
Date: August 29, 2014
A vulnerability in Libgcrypt could allow a remote attacker to
extract ElGamal private key information.
Libgcrypt is a general purpose cryptographic library derived out of
Vulnerable: < 1.5.4
Unaffected: >= 1.5.4
Architectures: All supported architectures
A vulnerability in the implementation of ElGamal decryption procedures
of Libgcrypt leaks information to various side-channels.
A physical side-channel attack allows a remote attacker to fully extract
decryption keys during the decryption of a chosen ciphertext.
There is no known workaround at this time.
All Libgcrypt users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.5.4"