Lucene search

UbuntuUSN-4236-2

HistoryJan 14, 2020 - 12:00 a.m.

Libgcrypt vulnerability

2020-01-1400:00:00

ubuntu.com

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

72.1%

JSON

Releases

Ubuntu 16.04 ESM

Packages

libgcrypt20 - LGPL Crypto library

Details

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the
corresponding fix for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that Libgcrypt was susceptible to a ECDSA timing attack.
An attacker could possibly use this attack to recover sensitive
information.

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibgcrypt20< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt11-dev< 1.5.4-3+really1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-dbgsym< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-dev< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-dev-dbgsym< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-doc< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-udeb< 1.6.5-2ubuntu0.6UNKNOWN
Ubuntu16.04noarchlibgcrypt20-udeb-dbgsym< 1.6.5-2ubuntu0.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	libgcrypt20	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt11-dev	< 1.5.4-3+really1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-dbgsym	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-dev	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-dev-dbgsym	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-doc	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-udeb	< 1.6.5-2ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	libgcrypt20-udeb-dbgsym	< 1.6.5-2ubuntu0.6	UNKNOWN