{"id":"MGASA-2016-0072","summary":"Updated libgcrypt packages fix security vulnerabilities","details":"Updated libgcrypt packages fix security vulnerability:\n\nDaniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that\nthe ECDH secret decryption keys in applications using the libgcrypt20 library\ncould be leaked via a side-channel attack (CVE-2015-7511).\n\nThe libgcrypt package was also updated to include countermeasures against\nLenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA.\nA signature verification step was updated to protect against leaks of private\nkeys in case of hardware faults or implementation errors in numeric\nlibraries.  This issue is equivalent to the CVE-2015-5738 issue in gnupg.\n","modified":"2026-04-16T06:24:58.294695168Z","published":"2016-02-17T19:06:01Z","upstream":["CVE-2015-7511"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0072.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17742"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2015-09/msg00033.html"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3474"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16806"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17742"}],"affected":[{"package":{"name":"libgcrypt","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libgcrypt?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4-5.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0072.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}