==========================================================================

Ubuntu Security Notice USN-3417-1

September 14, 2017



libgcrypt20 vulnerability

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04



Summary:



Libgcrypt could be made to expose sensitive information.



Software Description:

- libgcrypt20: LGPL Crypto library



Details:



Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was

susceptible to an attack via side channels. A local attacker could use this

attack to recover Curve25519 private keys.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 17.04:

libgcrypt20 1.7.6-1ubuntu0.2



In general, a standard system update will make all the necessary changes.



References:

https://www.ubuntu.com/usn/usn-3417-1

CVE-2017-0379



Package Information:

https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.6-1ubuntu0.2







