Univention Bugzilla – Bug 53521
libgcrypt20: Multiple issues (4.4)
Last modified: 2021-06-30 18:34:08 CEST
New Debian libgcrypt20 1.7.6-2+deb9u4 fixes:

This update addresses the following issue:
* mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/libgcrypt20_1.7.6-2+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libgcrypt20_1.7.6-2+deb9u4.dsc @@ -1,3 +1,11 @@ +1.7.6-2+deb9u4 [Tue, 22 Jun 2021 20:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-33560 + 34_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from + upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not* + generated by GnuPG/libgcrypt. + 1.7.6-2+deb9u3 [Fri, 15 Jun 2018 11:58:05 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#2129768904779616803>
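Review bot: in the added 1.7.6-2+deb9u4 entry, the CVE-2021-33560 item is described only by the upstream commit subject ("Fix weak ElGamal encryption with keys *not* generated by GnuPG/libgcrypt"), while the erratum text for this bug describes missing exponent blinding against a side-channel attack on mpi_powm. Confirm that 34_cipher-Fix-ElGamal-encryption-for-other-implementati.patch is the change the erratum text refers to, and if so align the wording so the advisory and the changelog describe the same fix.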
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] ecb5db15c2 Bug #53521: libgcrypt20 1.7.6-2+deb9u4
 doc/errata/staging/libgcrypt20.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x997>