===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0356
                        libgcrypt20 security update
                             15 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libgcrypt20
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7511

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3474

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libgcrypt20 check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3474-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 12, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libgcrypt20
CVE ID         : CVE-2015-7511

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt20 library could be leaked via a side-channel attack.

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

For the stable distribution (jessie), this problem has been fixed in
version 1.6.3-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.5-2.

We recommend that you upgrade your libgcrypt20 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================