Package "libgcrypt20"

Name: libgcrypt20


LGPL Crypto library - runtime library

Latest version: 1.8.7-2ubuntu2.1
Release: hirsute (21.04)
Level: security
Repository: main
Homepage: https://directory.fsf.org/project/libgcrypt/


Download "libgcrypt20"

Other versions of "libgcrypt20" in Hirsute

Repository Area Version
base main 1.8.7-2ubuntu2
base universe 1.8.7-2ubuntu2
security universe 1.8.7-2ubuntu2.1
updates main 1.8.7-2ubuntu2.1
updates universe 1.8.7-2ubuntu2.1

Packages in group

Deleted packages are displayed in grey.


Version: 1.8.7-2ubuntu2.1 2021-09-16 12:06:19 UTC

  libgcrypt20 (1.8.7-2ubuntu2.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:30:44 -0400

CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack again
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cer

About   -   Send Feedback to @ubuntu_updates