libgcrypt - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1044 | 1.8.4-1 | 1.8.5-1 | High | Fixed | |
| AVG-719 | 1.8.2-1 | 1.8.3-1 | High | Fixed | |
| AVG-402 | 1.8.0-1 | 1.8.1-1 | Medium | Fixed | |
| AVG-338 | 1.7.7-1 | 1.7.8-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-13627 | AVG-1044 | High | Yes | Private key recovery | A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long-term private key. |
| CVE-2018-0495 | AVG-719 | High | No | Private key recovery | An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private... |
| CVE-2017-7526 | AVG-338 | High | No | Private key recovery | The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 1.7.7 leaks significant information about exponent bits,... |
| CVE-2017-0379 | AVG-402 | Medium | No | Private key recovery | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 16 Jun 2018 | ASA-201806-10 | AVG-719 | High | private key recovery |
| 18 Sep 2017 | ASA-201709-13 | AVG-402 | Medium | private key recovery |
| 03 Jul 2017 | ASA-201707-1 | AVG-338 | High | private key recovery |