[SECURITY] [DLA 93-1] libgcrypt11 security update

2014-11-25T09:26:00
ID DEBIAN:DLA-93-1:914A4
Type debian
Reporter Debian
Modified 2014-11-25T09:26:00

Description

Package : libgcrypt11 Version : 1.4.5-2+squeeze2 CVE ID : CVE-2014-5270

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack (see http://www.cs.tau.ac.il/~tromer/handsoff/).

This is fixed in Squeeze in version 1.4.5-2+squeeze2.

We recommend that you upgrade your libgcrypt11 packages.

-- Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/