USN-3347-2: Libgcrypt vulnerability
USN-3347-2: Libgcrypt vulnerability Ubuntu Security Notice USN-3347-2 17th July, 2017 libgcrypt11 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in Libgcrypt. Software description libgcrypt11 – LGPL Crypto library Details USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]
