it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3474-1] libgcrypt20 security update
- Date: Fri, 12 Feb 2016 16:07:28 +0000
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Fri, 12 Feb 2016 16:07:49 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <uO77N22lXAM.A.dHB.VNgvWB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3474-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 12, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libgcrypt20
CVE ID : CVE-2015-7511
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt20 library could be leaked via a side-channel attack.
See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.
For the stable distribution (jessie), this problem has been fixed in
version 1.6.3-2+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 1.6.5-2.
We recommend that you upgrade your libgcrypt20 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWvgDSAAoJEAVMuPMTQ89EfVEQAJZ3bwB0ZO+tTUPUahth+4fn
niMtdvanTiUULdG6atiXTIh5lNrF5DrunuYnezuI/a6uwyBTbPnjDtpfVMssfOO2
qdfz2aDSnI2/cvNAYQ1W0ZOzYBM9qOhOraUliOqvFoi/cAecZGQEHyAl01VLVHPq
jb4Z8QxsS3kCoGz0wOfRCPLAlub9yhyKw3zhr4UCVNZ1eLbmP5bInzFaWO7/mfRo
0mJQo0sWBXI1lCcvKFZQHx7b6sIsv80CJ5N/+A2rjykQmM9vEHHz2IiUXf+fCqEQ
fDePCTXLNQbNBP6kS2zlQJNbon45OaY7YdjDPrPrOhrAeaSMDO3H2iFa+fiEkjmG
QDxAB86GtmUOi0Uujc/oZVIkp6b3AMhJDmflxHDn47tRVp6CEkGgvPWNurbUt6h4
BQJEMCQA2j1qVSKWS5F7SzxfuO3VU5JT10QBtMNPsb/nzT0yY3JKWoBW2eyHrpiB
h9co0xS5Z9SN+jpJJuCeK4pfrr+xwGcqSxe2hHnT6nqMlsvCEE+k/nRKOC3+03u/
zEZkcQ5qrCJ/l2zCResbeWTM+gYk+OeTkpyuaJwcp6C6mdNq69BG3LUfngP+r871
/Gr0ggtu3TBQlZ4orlSLOTOvf2pJ8pizMOTZrG2cPivTjLOGduqKrfbjxK3bo8ve
oOpgoyfI9/Ncl0qtkVPb
=CRM8
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3474-1] libgcrypt20 security update, Salvatore Bonaccorso, 12.02.2016
Archiv bereitgestellt durch MHonArc 2.6.19.