USN-3417-1: Libgcrypt vulnerability
Publication date
14 September 2017
Overview
Libgcrypt could be made to expose sensitive information.
Releases
Packages
- libgcrypt20 - LGPL Crypto library
Details
Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was
susceptible to an attack via side channels. A local attacker could use this
attack to recover Curve25519 private keys.
Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was
susceptible to an attack via side channels. A local attacker could use this
attack to recover Curve25519 private keys.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 17.04 zesty | libgcrypt20 – 1.7.6-1ubuntu0.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.