-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3478-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso February 15, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt11 CVE ID : CVE-2015-7511 Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt11 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details. For the oldstable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u4. We recommend that you upgrade your libgcrypt11 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWwh9bAAoJEAVMuPMTQ89ERtwP/0kJcy66nl8rTu7Y/5MnVyJi jotYMdxZcNBqcZDKkQl8soZSzTgpYlRrnfdAZrxqr9FbHxvrA40z775hzG8fdwGx qIljTfeE1Wk5WCqEkX/381VByIpFtE80FKPgxYjdorkWiglgRWkeOwCj875MneWB l9mU1C2k+WCz9jXpSYzqiOECkDcMNmclPhoYZuWfkIdIg3w8Mdz1/4Uj2+jqQ/qD 6qSes8VVL7+pl947QOZ2n/daPzD3vmS1GeHNawC8NqqA5WwREcAq/QVAt8PSFPoY Qwh6YPGiKO0L6JMKPIT2JGxaWlij2PQBeEOnemejlsF4BZsOVoCH24gmknQMCIWv 9pXmJ9VtyQjrC6knVinTwUSQMNzWZZl3zDzF0kVMGM0kIJ5key/6Ruxmc1IuqXWm P9TMUOWARjGU9vw1IQgatSjErTl3Iti0oPasaS7P670IUZptGdqqQOMhniRDGU/c pHEq2l1DXQY4gu7P71ZJLQBY8L4vVyhlRKS38hXL484z5Pw+bgMvn0Oh9h6lapLL 6Ffh2x9qLrTSWYY/M4cMOLwQ50D+0KHlEjA6aQDtctaYCsFcc19Sqr66uxsBUQeU /OOA3oCdyIafaeD3ehUDpnyrhkQ0Z7D9rpkO+roQ+9H1QVYNby0XCFSbnqtjqgVt 1so9Evkrb7vVbH7B/u71 =i1hO -----END PGP SIGNATURE-----
