ALT Linux Team

Package libgcrypt update in p9 on 2020-04-08

ALT-PU-2020-1687-1

Package libgcrypt updated to version 1.8.5-alt3 for branch p9 in task 239665.

Closed vulnerabilities

Published: 2020-01-13

BDU:2020-01727

Уязвимость криптографической библиотеки Python ECDSA, связанная с недостаточной обработкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.6) Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
References:
Published: 2019-06-20
Modified: 2024-11-21

CVE-2019-12904

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-09-25
Modified: 2024-11-21

CVE-2019-13627

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top