Debian Security Advisory DSA-3959-1

https://www.debian.org/security/ Salvatore Bonaccorso

August 29, 2017

Package : libgcrypt20

CVE ID : CVE-2017-0379

Debian Bug : 873383



Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt

is prone to a local side-channel attack against the ECDH encryption with

Curve25519, allowing recovery of the private key.



See https://eprint.iacr.org/2017/806 for details.



For the stable distribution (stretch), this problem has been fixed in

version 1.7.6-2+deb9u2.



For the unstable distribution (sid), this problem has been fixed in

version 1.7.9-1.



We recommend that you upgrade your libgcrypt20 packages.



