USN-3417-1: Libgcrypt vulnerability
USN-3417-1: Libgcrypt vulnerability Ubuntu Security Notice USN-3417-1 14th September, 2017 libgcrypt20 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Libgcrypt could be made to expose sensitive information. Software description libgcrypt20 – LGPL Crypto library Details Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt wassusceptible to an attack via side channels. A local attacker could use thisattack to recover Curve25519 private keys. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libgcrypt20 1.7.6-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-0379 Source: USN-3417-1: Libgcrypt vulnerability
