Hash: SHA256

Package        : libgcrypt11
Version        : 1.5.0-5+deb7u6
CVE ID         : CVE-2017-7526

It was discovered that there was a key disclosure vulnerability in libgcrypt11
a library of cryptographic routines:

  It is well known that constant-time implementations of modular exponentiation
  cannot use sliding windows. However, software libraries such as Libgcrypt,
  used by GnuPG, continue to use sliding windows. It is widely believed that,
  even if the complete pattern of squarings and multiplications is observed
  through a side-channel attack, the number of exponent bits leaked is not
  sufficient to carry out a full key-recovery attack against RSA.
  Specifically, 4-bit sliding windows leak only 40% of the bits, and 5-bit
  sliding windows leak only 33% of the bits.

    -- Sliding right into disaster: Left-to-right sliding windows leak
       

For Debian 7 "Wheezy", this issue has been fixed in libgcrypt11 version
1.5.0-5+deb7u6.

We recommend that you upgrade your libgcrypt11 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-