Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1903 libgcrypt patched in Debian 8 2 July 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libgcrypt20 Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-0495 Reference: ESB-2018.1780 ESB-2018.1766 Original Bulletin: https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libgcrypt20 Version : 1.6.3-2+deb8u5 CVE ID : CVE-2018-0495 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8 "Jessie", these problems have been fixed in version 1.6.3-2+deb8u5. We recommend that you upgrade your libgcrypt20 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAls15/8ACgkQnUbEiOQ2 gwIzEBAAjF5IjFf7yX2DCfwuaISIYN0xYPcbRu7P+SfLLVK6+llipTQ7s3HYs8kz wgCSNHT2AwPq6h0ezXog5/CmR3Ayz6lMHqtMm3/2vTx32whBnf3gzhzhXWwAniU6 9fIZWXa71PZMl46S6PT0KXpfyD9hUQqQ6EggfJBrPYp4o1YQUvB9ogeqC1kHm2I4 oN+SpClRx0BVEYi6dEWmf5HbG4VOLRHAOybq6u1ZD0gOFpnKaASBLhjx9JbnjdlF XNcGfvSQL5RyP9H8kO3+AfeTu8S0a12QhuCkF07rVMjTkm43CG4MvnwQ81Nhr/Hy 3CsnrzKwtPJSxa/e94p+mOjRFEf0OpJYwAXl+DpOPGdwcrrMauiWOMv9TAemzxwI 1jTQOkz1lohRCpRyqZeev9wjF0B8CU8MbHXHaB8HwD6bhvSm9Fw8y9bDaPxvrCvU NHQrSN0kYmgBmQWTG9t9+z07+915kpbI8Bhtn57C6ibgq3E4BXj2w/0urRo9bV42 YodC1qT5f/BYTXWM5U6PUYHCklXjQmcdITPbMXK0W/JhuYaqaUoQd1z8XyAC2Db4 DJP9uKydnwEsE8ZT9BgchCXGWpCjyQEI7Z96WQH9cLQKLtlPXPx3aF6BoExMzv6N qKR2uBIHV7Vawu8sCYMDojYuXasgLOUtlfLUtwglExMMmy/6DNc= =d+JQ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWzluYGaOgq3Tt24GAQhr7w//RVcxQPp1VxLmXYpVryF4nX9ojcjSxCUY wqfOSk6Qi15pmDO11UbxeAsNG7jHZz/mD78fOl53KrhRjzgJ/jFQLzcuvJNQSR1/ QFzosjL+9pEPJonbwpOaI1NTpFn7poBi+GcDq/oTyUF/NRmban06q6KZElE8+Fds 7ciAcC6GYFyWPQE8LPrZqgNYQ2acuiGydvDTmnnFStFgmMC9XvN90+KmgOgFgtxJ O6MrOjJM9ao8T75I5nWwgm2gyRImCQEW3Nb1LoYlthFKTVJ/WTlStTW2ooqAzZBg aKvhGWz71euxqZdWnfzf4fWTJ4cH3GPVCYhtJhgS/mGZdd/WxVY4o4d0R0TO1anN fbA7jiR+ER1Npzug3Hf8jUQiTTmhi9nARi0xJ/gXflCYQxRoWZTXyEsv3LgBDMKt FXCPjAe6zhmRxmdo52FruM6vjW8rXptc/SxqYqM3JVGg/krSbf8a281Ofcfi1ENj pDZ7BlgwaT3awtzXjhI4LnXpcS4dGE+YILN2J1uXOx7LUyRvH4/yCqolKJ50qSio g7vj2h7e30AbvyT1hBZMrvYxtLg1nxB4TODSeWK904pQ17cNE1VlSeyhZfXOV/KJ I/sOZ6wobFEl/plzGYDEYzMeobFKdoAIRGGUWRUMB1IhOT1zw0htd17IMfThryWz 0TDP6yXJCDs= =y4OW -----END PGP SIGNATURE-----