ArchLinux: 201602-19: libgcrypt: secret key extraction
Summary
A vulnerability was found in a way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations.
Resolution
Upgrade to 1.6.5-1.
# pacman -Syu "libgcrypt>=1.6.5-1"
The problem has been fixed upstream in version 1.6.5.
References
https://access.redhat.com/security/cve/CVE-2015-7511 https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
Workaround
None.