CVE-2015-7511

Published: 31 December 2015

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

Priority

Medium

CVSS 3 base score: 2.0

Status

Package: libgcrypt11

Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Released (1.5.3-2ubuntu4.3)

Patches:
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57

Package: libgcrypt20

Upstream: Released (1.6.5)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (1.6.5-2)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (1.6.5-2)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)

Patches:
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=070f0c4e14298c53785ea8caa8db71e30d134a1d
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=72b0d74103fef216479f97f9d5fe23e95f6b3ccc