CVE-2017-0379 log
Source |
|
Severity | Medium |
Remote | No |
Type | Private key recovery |
Description | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. On multi user systems or on boxes with virtual machines this attack may be used to steal private keys. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-403 | lib32-libgcrypt | 1.8.0-1 | 1.8.1-1 | Medium | Fixed | |
AVG-402 | libgcrypt | 1.8.0-1 | 1.8.1-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
18 Sep 2017 | ASA-201709-14 | AVG-403 | lib32-libgcrypt | Medium | private key recovery |
18 Sep 2017 | ASA-201709-13 | AVG-402 | libgcrypt | Medium | private key recovery |