Univention Bugzilla – Bug 53478
libgcrypt20: Multiple issues (5.0)
Last modified: 2021-06-30 18:54:29 CEST
New Debian libgcrypt20 1.8.4-5+deb10u1 fixes: This update addresses the following issue: * mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)
--- mirror/ftp/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/libgcrypt20_1.8.4-5+deb10u1.dsc @@ -1,3 +1,9 @@ +1.8.4-5+deb10u1 [Sat, 29 May 2021 13:32:02 +0200] Andreas Metzler <ametzler@debian.org>: + + * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from + upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not* + generated by GnuPG/libgcrypt. CVE-2021-33560 + 1.8.4-5 [Sun, 20 Jan 2019 14:47:23 +0100] Andreas Metzler <ametzler@debian.org>: * 30_doc-Fix-library-initialization-examples.patch from upstream <http://piuparts.knut.univention.de/5.0-0/#5859685253528847669>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] 1ec9e9bc96 Bug #53478: libgcrypt20 1.8.4-5+deb10u1 doc/errata/staging/libgcrypt20.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x36>