[SECURITY] [DLA 190-1] libgcrypt11 security update

2015-04-0910:44:31

lists.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.5%

JSON

Package : libgcrypt11
Version : 1.4.5-2+squeeze3
CVE ID : CVE-2014-3591 CVE-2015-0837

Multiple vulnerabilities were discovered in libgcrypt:

CVE-2014-3591

The Elgamal decryption routine was susceptible to a side-channel
attack discovered by researchers of Tel Aviv University. Ciphertext
blinding was enabled to counteract it. Note that this may have a
quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

The modular exponentiation routine mpi_powm() was susceptible to a
side-channel attack caused by data-dependent timing variations when
accessing its internal pre-computed table.

OSVersionArchitecturePackageVersionFilename
Debian7amd64libgcrypt11-udeb< 1.5.0-5+deb7u3libgcrypt11-udeb_1.5.0-5+deb7u3_amd64.deb
Debian7alllibgcrypt11< 1.5.0-5+deb7u3libgcrypt11_1.5.0-5+deb7u3_all.deb
Debian6amd64libgcrypt11< 1.4.5-2+squeeze3libgcrypt11_1.4.5-2+squeeze3_amd64.deb
Debian7powerpcgpgv-udeb< 1.4.12-7+deb7u7gpgv-udeb_1.4.12-7+deb7u7_powerpc.deb
Debian6amd64gnupg< 1.4.10-4+squeeze7gnupg_1.4.10-4+squeeze7_amd64.deb
Debian7mipsellibgcrypt11< 1.5.0-5+deb7u3libgcrypt11_1.5.0-5+deb7u3_mipsel.deb
Debian6i386gnupg< 1.4.10-4+squeeze7gnupg_1.4.10-4+squeeze7_i386.deb
Debian7mipsellibgcrypt11-udeb< 1.5.0-5+deb7u3libgcrypt11-udeb_1.5.0-5+deb7u3_mipsel.deb
Debian7ia64libgcrypt11-dev< 1.5.0-5+deb7u3libgcrypt11-dev_1.5.0-5+deb7u3_ia64.deb
Debian7s390xgnupg-udeb< 1.4.12-7+deb7u7gnupg-udeb_1.4.12-7+deb7u7_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	libgcrypt11-udeb	< 1.5.0-5+deb7u3	libgcrypt11-udeb_1.5.0-5+deb7u3_amd64.deb
Debian	7	all	libgcrypt11	< 1.5.0-5+deb7u3	libgcrypt11_1.5.0-5+deb7u3_all.deb
Debian	6	amd64	libgcrypt11	< 1.4.5-2+squeeze3	libgcrypt11_1.4.5-2+squeeze3_amd64.deb
Debian	7	powerpc	gpgv-udeb	< 1.4.12-7+deb7u7	gpgv-udeb_1.4.12-7+deb7u7_powerpc.deb
Debian	6	amd64	gnupg	< 1.4.10-4+squeeze7	gnupg_1.4.10-4+squeeze7_amd64.deb
Debian	7	mipsel	libgcrypt11	< 1.5.0-5+deb7u3	libgcrypt11_1.5.0-5+deb7u3_mipsel.deb
Debian	6	i386	gnupg	< 1.4.10-4+squeeze7	gnupg_1.4.10-4+squeeze7_i386.deb
Debian	7	mipsel	libgcrypt11-udeb	< 1.5.0-5+deb7u3	libgcrypt11-udeb_1.5.0-5+deb7u3_mipsel.deb
Debian	7	ia64	libgcrypt11-dev	< 1.5.0-5+deb7u3	libgcrypt11-dev_1.5.0-5+deb7u3_ia64.deb
Debian	7	s390x	gnupg-udeb	< 1.4.12-7+deb7u7	gnupg-udeb_1.4.12-7+deb7u7_s390x.deb