it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3478-1] libgcrypt11 security update
- Date: Mon, 15 Feb 2016 19:18:40 +0000
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Mon, 15 Feb 2016 19:18:57 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <6EQ4IyFbOKH.A.xKE.hSiwWB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3478-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libgcrypt11
CVE ID : CVE-2015-7511
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt11 library could be leaked via a side-channel attack.
See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1.5.0-5+deb7u4.
We recommend that you upgrade your libgcrypt11 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWwh9bAAoJEAVMuPMTQ89ERtwP/0kJcy66nl8rTu7Y/5MnVyJi
jotYMdxZcNBqcZDKkQl8soZSzTgpYlRrnfdAZrxqr9FbHxvrA40z775hzG8fdwGx
qIljTfeE1Wk5WCqEkX/381VByIpFtE80FKPgxYjdorkWiglgRWkeOwCj875MneWB
l9mU1C2k+WCz9jXpSYzqiOECkDcMNmclPhoYZuWfkIdIg3w8Mdz1/4Uj2+jqQ/qD
6qSes8VVL7+pl947QOZ2n/daPzD3vmS1GeHNawC8NqqA5WwREcAq/QVAt8PSFPoY
Qwh6YPGiKO0L6JMKPIT2JGxaWlij2PQBeEOnemejlsF4BZsOVoCH24gmknQMCIWv
9pXmJ9VtyQjrC6knVinTwUSQMNzWZZl3zDzF0kVMGM0kIJ5key/6Ruxmc1IuqXWm
P9TMUOWARjGU9vw1IQgatSjErTl3Iti0oPasaS7P670IUZptGdqqQOMhniRDGU/c
pHEq2l1DXQY4gu7P71ZJLQBY8L4vVyhlRKS38hXL484z5Pw+bgMvn0Oh9h6lapLL
6Ffh2x9qLrTSWYY/M4cMOLwQ50D+0KHlEjA6aQDtctaYCsFcc19Sqr66uxsBUQeU
/OOA3oCdyIafaeD3ehUDpnyrhkQ0Z7D9rpkO+roQ+9H1QVYNby0XCFSbnqtjqgVt
1so9Evkrb7vVbH7B/u71
=i1hO
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3478-1] libgcrypt11 security update, Salvatore Bonaccorso, 15.02.2016
Archiv bereitgestellt durch MHonArc 2.6.19.