Ubuntu
libgcrypt20 package

libgcrypt20 1.6.5-2ubuntu0.3 source package in Ubuntu

Changelog

libgcrypt20 (1.6.5-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers <email address hidden>  Mon, 03 Jul 2017 08:16:37 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libgcrypt20_1.6.5.orig.tar.bz2 2.4 MiB f49ebc5842d455ae7019def33eb5a014a0f07a2a8353dc3aa50a76fd1dafa924
libgcrypt20_1.6.5-2ubuntu0.3.debian.tar.xz 35.6 KiB 3c29fc316e9067088cd6954a2b4c55e7955829362be9c10e09fa33b5e94f2f6c
libgcrypt20_1.6.5-2ubuntu0.3.dsc 2.6 KiB 81456ffe6f40a971beedb3ad88fcd801e24c45ec7e357b731d14f419f3f6df15

View changes file

Binary packages built by this source

libgcrypt11-dev: transitional libgcrypt11-dev package

 This is a transitional dummy package to ease the migration from
 libgcrypt11-dev to libgcrypt20-dev. You can safely remove this package.

libgcrypt20: LGPL Crypto library - runtime library

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.

libgcrypt20-dbgsym: debug symbols for package libgcrypt20

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.

libgcrypt20-dev: LGPL Crypto library - development files

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.
 .
 This package contains header files and libraries for static linking.

libgcrypt20-dev-dbgsym: debug symbols for package libgcrypt20-dev

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.
 .
 This package contains header files and libraries for static linking.

libgcrypt20-doc: LGPL Crypto library - documentation

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.
 .
 This package contains developer documentation.

libgcrypt20-udeb: LGPL Crypto library - runtime library

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.

libgcrypt20-udeb-dbgsym: debug symbols for package libgcrypt20-udeb

 libgcrypt contains cryptographic functions. Many important free
 ciphers, hash algorithms and public key signing algorithms have been
 implemented:
 .
 Arcfour, Blowfish, CAST5, DES, AES, Twofish, Serpent, rfc2268 (rc2), SEED,
 Camellia, IDEA, Salsa, CRC, MD4, MD5, RIPE-MD160, SHA-1, SHA-256, SHA-512,
 Tiger, Whirlpool, DSA, DSA2, ElGamal, RSA, ECC.