| Summary: | libgcrypt new security issue CVE-2015-0837 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/635765/ | ||
| Whiteboard: | has_procedure advisory MGA4-32-OK | ||
| Source RPM: | libgcrypt-1.5.4-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-04-01 19:16:09 CEST
Submitting this update now to get it in before Mageia 4 EOL. This can be tested with gnupg2 in Bug 15483. Advisory: ======================== Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys (CVE-2015-0837). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837 http://www.ubuntu.com/usn/usn-2555-1/ ======================== Updated packages in core/updates_testing: ======================== libgcrypt11-1.5.4-1.2.mga4 libgcrypt-devel-1.5.4-1.2.mga4 from libgcrypt-1.5.4-1.2.mga4.src.rpm Assignee:
bugsquad =>
qa-bugs Testing complete Mageia 4 i586 using the procedure. Whiteboard:
has_procedure =>
has_procedure MGA4-32-OK Validating. Advisory uploaded. Please push to 4 updates Thanks Keywords:
(none) =>
validated_update An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0360.html Status:
NEW =>
RESOLVED |