UbuntuUpdates.org

Package "libgcrypt20"

Name: libgcrypt20

Description:

LGPL Crypto library - runtime library

Latest version: 1.8.5-5ubuntu1.1
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://directory.fsf.org/project/libgcrypt/

Links


Download "libgcrypt20"


Other versions of "libgcrypt20" in Focal

Repository Area Version
base universe 1.8.5-5ubuntu1
base main 1.8.5-5ubuntu1
security universe 1.8.5-5ubuntu1.1
updates main 1.8.5-5ubuntu1.1
updates universe 1.8.5-5ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.8.5-5ubuntu1.1 2021-09-16 12:06:18 UTC

  libgcrypt20 (1.8.5-5ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:36:24 -0400

CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack again
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cer



About   -   Send Feedback to @ubuntu_updates