CVE-2015-0837

Published: 02 March 2015

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Priority

CVSS 3 base score: 5.9

Status

Package	Release	Status
gnupg Launchpad, Ubuntu, Debian	Upstream	Released (1.4.18-7)





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.4.16-1ubuntu2.3)
	Patches: Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6cbc75e71295f23431c4ab95edc7573f2fc28476
libgcrypt11 Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.5.3-2ubuntu4.2)
libgcrypt20 Launchpad, Ubuntu, Debian	Upstream	Released (1.6.3-2)





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1.6.1-2ubuntu1.14.04.1])
	Patches: Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=deb6f231ba85f65283c9e1deb3e2dea3b6ca46dc Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d9f002899d26dc64f1502ae5050632340a4780fe Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5e72b6c76ebee720f69b8a5c212f52d38eb50287

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2015-0837

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading