[v2.5] libgcrypt: ELGAMAL side-channel attack
Description
libgcrypt older than 1.6.0, and older than 1.5.4, are vulnerable to a
ELGAMAL side-channel attack:
http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
https://lists.fedoraproject.org/pipermail/security-team/2014-August/000055.html
This may be similar sort of issue to CVE-2013-4242.
References:
http://www.openwall.com/lists/oss-security/2014/08/11/1
https://bugzilla.redhat.com/show\_bug.cgi?id=988589
https://bugzilla.redhat.com/show\_bug.cgi?id=1128531
libgcrypt download link: ftp://ftp.gnupg.org/gcrypt/libgcrypt/
(from redmine: issue id 3287, created on 2014-08-15, closed on 2014-08-22)
- Relations:
- parent #3286 (closed)
- Changesets:
- Revision 8009421a by Natanael Copa on 2014-08-21T09:12:26Z:
main/libgcrypt: security upgrade to 1.5.4 (CVE-2014-5270)
fixes #3287