UbuntuUpdates.org

Package "libgcrypt20-doc"

Name: libgcrypt20-doc

Description:

LGPL Crypto library - documentation

Latest version: 1.8.5-5ubuntu1.1
Release: focal (20.04)
Level: updates
Repository: main
Head package: libgcrypt20
Homepage: https://directory.fsf.org/project/libgcrypt/

Links


Download "libgcrypt20-doc"


Other versions of "libgcrypt20-doc" in Focal

Repository Area Version
base main 1.8.5-5ubuntu1
security main 1.8.5-5ubuntu1.1

Changelog

Version: 1.8.5-5ubuntu1.1 2021-09-16 13:06:25 UTC

  libgcrypt20 (1.8.5-5ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:36:24 -0400

CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack again
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cer



About   -   Send Feedback to @ubuntu_updates