Описание
Moderate: libgcrypt security, bug fix, and enhancement update
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
The following packages have been upgraded to a later upstream version: libgcrypt (1.8.5). (BZ#1764918)
Security Fix(es):
- libgcrypt: ECDSA timing attack allowing private key leak (CVE-2019-13627)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1762741
- Red Hat - 1762765
- Red Hat - 1764018
Связанные уязвимости
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
It was discovered that there was a ECDSA timing attack in the libgcryp ...
