USN-2555-1: Libgcrypt vulnerabilities

01 April 2015

Several security issues were fixed in Libgcrypt.

Releases

Packages

Details

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that Libgcrypt was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

Related notices