libgcrypt: ELGAMAL side-channel attack (CVE-2014-5270)
libgcrypt older than 1.6.0, and older than 1.5.4, are vulnerable to a
ELGAMAL side-channel attack:
http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
https://lists.fedoraproject.org/pipermail/security-team/2014-August/000055.html
This may be similar sort of issue to CVE-2013-4242.
References:
http://www.openwall.com/lists/oss-security/2014/08/11/1
https://bugzilla.redhat.com/show\_bug.cgi?id=988589
https://bugzilla.redhat.com/show\_bug.cgi?id=1128531
(from redmine: issue id 3286, created on 2014-08-15, closed on 2014-08-22)
- Relations:
- child #3287 (closed)
- child #3288 (closed)
- child #3289 (closed)