lib32-libgcrypt
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | General purpose cryptographic library based on the code from GnuPG (32-bit) |
| Version | 1.10.3-1 [multilib] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2012 | 1.9.2-1 | 1.9.3-1 | Medium | Fixed | |
| AVG-1045 | 1.8.4-1 | 1.8.5-1 | High | Fixed | |
| AVG-403 | 1.8.0-1 | 1.8.1-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-33560 | AVG-2012 | Medium | Yes | Private key recovery | Libgcrypt before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window... |
| CVE-2019-13627 | AVG-1045 | High | Yes | Private key recovery | A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long- term private key. |
| CVE-2017-0379 | AVG-403 | Medium | No | Private key recovery | Libgcrypt before 1.8.1 does not properly consider Curve25519 side- channel attacks, which makes it easier for attackers to discover a secret key, related to... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 18 Sep 2017 | ASA-201709-14 | AVG-403 | Medium | private key recovery |