2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.7%
Package : libgcrypt11
Version : 1.4.5-2+squeeze2
CVE ID : CVE-2014-5270
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal
encryption subkeys in applications using the libgcrypt11 library, for
example GnuPG 2.x, could be leaked via a side-channel attack (see
http://www.cs.tau.ac.il/~tromer/handsoff/).
This is fixed in Squeeze in version 1.4.5-2+squeeze2.
We recommend that you upgrade your libgcrypt11 packages.
β
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | ia64 | gnupg-udeb | <Β 1.4.12-7+deb7u6 | gnupg-udeb_1.4.12-7+deb7u6_ia64.deb |
Debian | 7 | powerpc | gpgv | <Β 1.4.12-7+deb7u6 | gpgv_1.4.12-7+deb7u6_powerpc.deb |
Debian | 7 | ia64 | libgcrypt11-dbg | <Β 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_ia64.deb |
Debian | 7 | i386 | libgcrypt11-dbg | <Β 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_i386.deb |
Debian | 7 | armhf | libgcrypt11-dbg | <Β 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_armhf.deb |
Debian | 6 | amd64 | libgcrypt11 | <Β 1.4.5-2+squeeze2 | libgcrypt11_1.4.5-2+squeeze2_amd64.deb |
Debian | 7 | armhf | gpgv | <Β 1.4.12-7+deb7u6 | gpgv_1.4.12-7+deb7u6_armhf.deb |
Debian | 7 | s390x | libgcrypt11 | <Β 1.5.0-5+deb7u2 | libgcrypt11_1.5.0-5+deb7u2_s390x.deb |
Debian | 7 | sparc | gnupg | <Β 1.4.12-7+deb7u6 | gnupg_1.4.12-7+deb7u6_sparc.deb |
Debian | 7 | powerpc | libgcrypt11-dbg | <Β 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_powerpc.deb |