VDB
MAGEIA-2016-72
MAGEIA-2016-72
PUBLISHED
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. This issue is equivalent to the CVE-2015-5738 issue in gnupg.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | microcode | 0, 0.20160409-1.mga5.nonfree |
| Mageia | libgcrypt | 1.5.4-5.2.mga5, 0, 1.5.4-5.2.mga5 |
Timeline
- Feb 17, 2016 CVE Updated
- Feb 17, 2016 CVE Published
- Mar 17, 2026 Distribution Patch
- Mar 17, 2026 Security Advisory
References
- Updated libgcrypt packages fix security vulnerabilities issue
- Updated libgcrypt packages fix security vulnerabilities advisory
- Updated libgcrypt packages fix security vulnerabilities issue
- Updated libgcrypt packages fix security vulnerabilities issue
- Updated libgcrypt packages fix security vulnerabilities advisory
- Updated microcode packages fix possible security issue advisory
- Updated microcode packages fix possible security issue issue
- Updated microcode packages fix possible security issue issue