Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 14.10: USN-2555-1 Moderate: Libgcrypt Physical Key Attack

ubuntu
Calendar Grey April 1, 2015
Dist Ubuntu Esm H88
Alert: Vulnerabilities found in Libgcrypt within Ubuntu systems. It's crucial to perform an update to safeguard against possible risks of key compromise.
Several security issues were fixed in Libgcrypt.

Summary

Several security issues were fixed in Libgcrypt.

Software Description:

- libgcrypt11: LGPL Crypto library

- libgcrypt20: LGPL Crypto library

Details:

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered

that Libgcrypt was susceptible to an attack via physical side channels. A

local attacker could use this attack to possibly recover private keys.

(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was

susceptible to an attack via physical side channels. A local attacker could

use this attack to possibly recover private keys. (CVE-2015-0837)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libgcrypt11                     1.5.4-2ubuntu1.1
  libgcrypt20                     1.6.1-2ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  libgcrypt11                     1.5.3-2ubuntu4.2

Ubuntu 12.04 LTS:
  libgcrypt11                     1.5.0-3ubuntu0.4

Ubuntu 10.04 LTS:
  libgcrypt11                     1.4.4-5ubuntu2.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2555-1

CVE-2014-3591, CVE-2015-0837

Severity
important
Lowest
Low
Medium
High
Critical

April 01, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.