Bug 40678 - libgcrypt11: Multiple issues (4.1)
libgcrypt11: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P3 normal (vote)
: UCS 4.1-3-errata
Assigned To: Philipp Hahn
Felix Botner
:
: 42101 (view as bug list)
Depends on:
Blocks: 40677
  Show dependency treegraph
 
Reported: 2016-02-16 19:00 CET by Arvid Requate
Modified: 2016-10-20 12:40 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-02-16 19:00:56 CET
Upstream Debian package version 1.5.0-5+deb7u4 fixes this issue:

* side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
Comment 1 Arvid Requate univentionstaff 2016-08-25 15:27:55 CEST
Upstream Debian package version 1.5.0-5+deb7u5 fixes this issue:

* PRNG output is predictable (CVE-2016-6313)
Comment 2 Arvid Requate univentionstaff 2016-08-25 15:27:59 CEST
*** Bug 42101 has been marked as a duplicate of this bug. ***
Comment 3 Philipp Hahn univentionstaff 2016-09-28 15:46:32 CEST
repo_admin.py -U -r 4.1 -s errata4.1-3 -d wheezy -p libgcrypt11

Package: libgcrypt11
Version: 1.5.0-5.20.201609281540
Branch: ucs_4.1-0
Scope: errata4.1-3

r72883 | Bug #40678: libgcrypt11 UCS-4.1-3 YAML
 libgcrypt11.yaml
Comment 4 Felix Botner univentionstaff 2016-10-12 16:13:19 CEST
OK - amd64/i386
OK - update
OK - cve's
OK - yaml
Comment 5 Janek Walkenhorst univentionstaff 2016-10-20 12:40:12 CEST
<http://errata.software-univention.de/ucs/4.1/308.html>