{"id":"USN-2555-1","summary":"libgcrypt11, libgcrypt20 vulnerabilities","details":"Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered\nthat Libgcrypt was susceptible to an attack via physical side channels. A\nlocal attacker could use this attack to possibly recover private keys.\n(CVE-2014-3591)\n\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was\nsusceptible to an attack via physical side channels. A local attacker could\nuse this attack to possibly recover private keys. (CVE-2015-0837)\n","modified":"2026-04-22T09:10:39.290222Z","published":"2015-04-01T13:28:51Z","related":["UBUNTU-CVE-2014-3591","UBUNTU-CVE-2015-0837"],"upstream":["CVE-2014-3591","CVE-2015-0837","UBUNTU-CVE-2014-3591","UBUNTU-CVE-2015-0837"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2555-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3591"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0837"}],"affected":[{"package":{"name":"libgcrypt11","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libgcrypt11@1.5.3-2ubuntu4.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3-2ubuntu4.2"}]}],"versions":["1.5.0-3ubuntu3","1.5.3-2ubuntu1","1.5.3-2ubuntu4","1.5.3-2ubuntu4.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libgcrypt11","binary_version":"1.5.3-2ubuntu4.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2555-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-3591"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-0837"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}