libgcrypt has been released on August 29, fixing a security issue:
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html

Mageia 6 may also be affected.
CC: (none) => geiger.david68210
Done for mga7!

As upstream did not fix this CVE in the 1.7 branch, it is probably not affected??
Advisory:
========================

Updated libgcrypt packages fix security vulnerability:

ECDSA timing side-channel attack vulnerability (CVE-2019-13627).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2019-13627
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html
========================

Updated packages in core/updates_testing:
========================
libgcrypt20-1.8.5-1.mga7
libgcrypt-devel-1.8.5-1.mga7

from libgcrypt-1.8.5-1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
$ uname -a
Linux localhost 5.2.10-desktop-1.mga7 #1 SMP Sun Aug 25 17:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The following 3 packages are going to be installed:

- lib64gcrypt-devel-1.8.5-1.mga7.x86_64
- lib64gcrypt20-1.8.5-1.mga7.x86_64
- lib64gpg-error-devel-1.36-1.mga7.x86_64

1.1MB of additional disk space will be used.
779KB of packages will be retrieved.

------------------

I used the following source code to compile:
https://gitlab.tnichols.org/tyler/gcrypt/tree/master

./encrypt_decrypt encrypt ./sometext.txt ./sometext.pgp brianwashere

$ cat sometext.pgp
n�O #�{�;X���x(�_Î��-���-�Y�����#�pT;��oR0�`�����Z �)�M,�▒�e������At�TGKπ{;�x��T▒�AOQ~I�.?��PR��y E&m3'�)��� ��0���d~/��=K�j_4�"�Į���M�:8+�<��య�"�j�

$ ./encrypt_decrypt decrypt ./sometext.pgp ./sometext2.txt brianwashere
Valid HMAC found

$ cat sometext2.txt
This is some text to be encrypted. Note this application is not safe for production, but is a good simple test.

The decrypted output file is larger due to block sizes.

The library is working from my perspective.
CC: (none) => brtians1
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0256.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
I believe this also fixed CVE-2019-12904: https://lists.opensuse.org/opensuse-updates/2019-07/msg00121.html