Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7511

Published: 31 December 2015

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

Priority

Medium

Cvss 3 Severity Score

2.0

Score breakdown

Status

Package Release Status
libgcrypt11
Launchpad, Ubuntu, Debian 		artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.5.0-3ubuntu0.5)
trusty
Released (1.5.3-2ubuntu4.3)
upstream Needs triage

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57




libgcrypt20
Launchpad, Ubuntu, Debian 		artful Not vulnerable
(1.6.5-2)
bionic Not vulnerable
(1.6.5-2)
cosmic Not vulnerable
(1.6.5-2)
disco Not vulnerable
(1.6.5-2)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.6.5)
wily
Released (1.6.3-2ubuntu1.1)
xenial Not vulnerable
(1.6.5-2)
yakkety Not vulnerable
(1.6.5-2)
zesty Not vulnerable
(1.6.5-2)
Patches:

upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=070f0c4e14298c53785ea8caa8db71e30d134a1d
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=72b0d74103fef216479f97f9d5fe23e95f6b3ccc

Severity score breakdown

Parameter Value
Base score 2.0
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading