CVE-2017-0379 log

Severity Medium
Remote No
Type Private key recovery
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. On multi user systems or on boxes with virtual machines this attack may be used to steal private keys.
Group Package Affected Fixed Severity Status Ticket
AVG-403 lib32-libgcrypt 1.8.0-1 1.8.1-1 Medium Fixed
AVG-402 libgcrypt 1.8.0-1 1.8.1-1 Medium Fixed
Date Advisory Group Package Severity Type
18 Sep 2017 ASA-201709-14 AVG-403 lib32-libgcrypt Medium private key recovery
18 Sep 2017 ASA-201709-13 AVG-402 libgcrypt Medium private key recovery