CLD-26 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-0379 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libgcrypt
Deficiency Type SECURITY
Date Created 2017-09-17 09:50:59
Date Last Modified 2017-09-17 10:07:59

Version Specific Information:

Cucumber 1.0 i686fixed in libgcrypt-1.7.9-i686-1
Cucumber 1.0 x86_64fixed in libgcrypt-1.7.9-x86_64-1 and libgcrypt-lib_i686-1.7.9-lib_i686-1

Cucumber 1.1 i686 fixed in libgcrypt-1.7.9-i686-1
Cucumber 1.1 x86_64 fixed in libgcrypt-1.7.9-x86_64-1 and libgcrypt-lib_i686-1.7.9-lib_i686-1

Details:

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel
attacks, which makes it easier for attackers to discover a secret key, related
to cipher/ecc.c and mpi/ec.c (https://nvd.nist.gov/vuln/detail/CVE-2017-0379).

Official vulnerability disclosure:
https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html