CLD-26 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
libgcrypt |
Deficiency Type |
SECURITY |
Date Created |
2017-09-17 09:50:59 |
Date Last Modified |
2017-09-17 10:07:59 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in libgcrypt-1.7.9-i686-1 |
Cucumber 1.0 x86_64 | fixed in libgcrypt-1.7.9-x86_64-1 and libgcrypt-lib_i686-1.7.9-lib_i686-1 |
Cucumber 1.1 i686 |
fixed in libgcrypt-1.7.9-i686-1 |
Cucumber 1.1 x86_64 |
fixed in libgcrypt-1.7.9-x86_64-1 and libgcrypt-lib_i686-1.7.9-lib_i686-1 |
Details:
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel
attacks, which makes it easier for attackers to discover a secret key, related
to cipher/ecc.c and mpi/ec.c (https://nvd.nist.gov/vuln/detail/CVE-2017-0379).
Official vulnerability disclosure:
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html