Debian has issued an advisory on August 29: https://www.debian.org/security/2017/dsa-3959 Mageia 6 is also affected. I don't believe Mageia 5 is affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Patched package uploaded for cauldron and Mageia 6. Advisory: ======================== Patched libgcrypt package fixes security vulnerability: It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379 https://security-tracker.debian.org/tracker/CVE-2017-0379 ======================== Updated packages in core/updates_testing: ======================== lib[64]gcrypt20-1.7.8-1.1.mga6 lib[64]gcrypt-devel-1.7.8-1.1.mga6 from libgcrypt-1.7.8-1.1.mga6.src.rpm Testing information found in https://bugs.mageia.org/show_bug.cgi?id=21178
Assignee: pkg-bugs => qa-bugsCC: (none) => mramboWhiteboard: MGA6TOO => has_procedureVersion: Cauldron => 6
$ uname -a Linux localhost 4.9.43-desktop-1.mga6 #1 SMP Sun Aug 13 15:52:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart. The following 14 packages are going to be installed: - fsarchiver-0.8.1-1.mga6.x86_64 - lib64aio1-0.3.110-4.mga6.x86_64 - lib64gcrypt-devel-1.7.8-1.1.mga6.x86_64 - lib64gcrypt20-1.7.8-1.1.mga6.x86_64 - lib64gpg-error-devel-1.24-1.mga6.x86_64 - lib64rpm7-4.13.0.1-3.1.mga6.x86_64 - lib64rpmsign7-4.13.0.1-3.1.mga6.x86_64 - python2-rpm-4.13.0.1-3.1.mga6.x86_64 - python3-rpm-4.13.0.1-3.1.mga6.x86_64 - qt5-fsarchiver-0.8.1.1-1.mga6.x86_64 - rpm-4.13.0.1-3.1.mga6.x86_64 - samba-4.6.7-1.mga6.x86_64 - sshfs-fuse-2.5-4.mga6.x86_64 - sshpass-1.05-4.mga6.x86_64 6.1MB of additional disk space will be used. 2.8MB of packages will be retrieved. Is it ok to continue? ---- using Qt5-Fsarchiver I was able to archive a directory using encryption and restore it to another folder. Without specifying decryption, the volume was protected and not able to be restored.
CC: (none) => brtians1
Whiteboard: has_procedure => has_procedure mga6-64-ok
Thanks Brian. Validating as it is a 64-bit OK. Advisory ex comment 2.
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0334.html
Status: NEW => RESOLVEDResolution: (none) => FIXED