[SECURITY] [DLA 1405-1] libgcrypt20 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1405-1] libgcrypt20 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 29 Jun 2018 10:04:20 +0200
Message-id: <[🔎] 2cd3e618-7861-99f1-d806-e674b08d71f0@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libgcrypt20
Version        : 1.6.3-2+deb8u5
CVE ID         : CVE-2018-0495

It was discovered that Libgcrypt is prone to a local side-channel attack
allowing recovery of ECDSA private keys.

For Debian 8 "Jessie", these problems have been fixed in version
1.6.3-2+deb8u5.

We recommend that you upgrade your libgcrypt20 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAls15/8ACgkQnUbEiOQ2
gwIzEBAAjF5IjFf7yX2DCfwuaISIYN0xYPcbRu7P+SfLLVK6+llipTQ7s3HYs8kz
wgCSNHT2AwPq6h0ezXog5/CmR3Ayz6lMHqtMm3/2vTx32whBnf3gzhzhXWwAniU6
9fIZWXa71PZMl46S6PT0KXpfyD9hUQqQ6EggfJBrPYp4o1YQUvB9ogeqC1kHm2I4
oN+SpClRx0BVEYi6dEWmf5HbG4VOLRHAOybq6u1ZD0gOFpnKaASBLhjx9JbnjdlF
XNcGfvSQL5RyP9H8kO3+AfeTu8S0a12QhuCkF07rVMjTkm43CG4MvnwQ81Nhr/Hy
3CsnrzKwtPJSxa/e94p+mOjRFEf0OpJYwAXl+DpOPGdwcrrMauiWOMv9TAemzxwI
1jTQOkz1lohRCpRyqZeev9wjF0B8CU8MbHXHaB8HwD6bhvSm9Fw8y9bDaPxvrCvU
NHQrSN0kYmgBmQWTG9t9+z07+915kpbI8Bhtn57C6ibgq3E4BXj2w/0urRo9bV42
YodC1qT5f/BYTXWM5U6PUYHCklXjQmcdITPbMXK0W/JhuYaqaUoQd1z8XyAC2Db4
DJP9uKydnwEsE8ZT9BgchCXGWpCjyQEI7Z96WQH9cLQKLtlPXPx3aF6BoExMzv6N
qKR2uBIHV7Vawu8sCYMDojYuXasgLOUtlfLUtwglExMMmy/6DNc=
=d+JQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1403-1] zendframework security update
Next by Date: [SECURITY] [DLA 1406-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 1403-1] zendframework security update
Next by thread: [SECURITY] [DLA 1406-1] firefox-esr security update
Index(es):
- Date
- Thread