Summary
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u2.
We recommend that you upgrade your libgcrypt11 packages.
Insight
libgcrypt contains cryptographic functions. Many important free ciphers, hash algorithms and public key signing algorithms have been implemented:
Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED, Camellia, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512, Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.
Affected
libgcrypt11 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-5270 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities