Ubuntu 16.04 LTS: USN-4236-2 Critical Libgcrypt Timing Attack
ubuntu
January 14, 2020
Libgcrypt could be made to expose sensitive information.
Summary
Libgcrypt could be made to expose sensitive information.
Software Description:
- libgcrypt20: LGPL Crypto library
Details:
USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the
corresponding fix for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Libgcrypt was susceptible to a ECDSA timing attack.
An attacker could possibly use this attack to recover sensitive
information.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libgcrypt20 1.6.5-2ubuntu0.6 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-4236-2
https://ubuntu.com/security/notices/USN-4236-1
CVE-2019-13627
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
January 14, 2020
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!