ALSA-2021:4409

[ALSA-2021:4409] Moderate: libgcrypt security and bug fix update

Type:

security

Severity:

moderate

Release date:

2021-11-09

Description:

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

* libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages:

libgcrypt-devel-1.8.5-6.el8.x86_64.rpm
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm
libgcrypt-1.8.5-6.el8.x86_64.rpm
libgcrypt-1.8.5-6.el8.x86_64.rpm
libgcrypt-devel-1.8.5-6.el8.aarch64.rpm
libgcrypt-1.8.5-6.el8.aarch64.rpm
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm
libgcrypt-1.8.5-6.el8.ppc64le.rpm

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.