[3.4] libgcrypt: Missing input validation for X25519 curve (CVE-2017-0379)
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-0379
https://eprint.iacr.org/2017/806
Patch:
(from redmine: issue id 7834, created on 2017-09-14, closed on 2017-09-19)
- Relations:
  - parent #7831 (closed)
- Changesets:
  - Revision 3189f66b by Natanael Copa on 2017-09-19T09:00:29Z:
    main/libgcrypt: security upgrade to 1.7.9 (CVE-2017-0378)
    fixes #7834