oss-sec mailing list archives

CVE request: libgcrypt, ELGAMAL side-channel attack

From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 11 Aug 2014 14:50:13 +1000

Hi,

libgcrypt older than 1.6.0, and older than 1.5.4, are vulnerable to aELGAMAL side-channel attack:


http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html

https://lists.fedoraproject.org/pipermail/security-team/2014-August/000055.html

(This may be similar sort of issue to CVE-2013-4242.)

Can a CVE please be a assigned if one has not been already?

Thanks,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=988589
https://bugzilla.redhat.com/show_bug.cgi?id=1128531

Current thread:

CVE request: libgcrypt, ELGAMAL side-channel attack Murray McAllister (Aug 10)
- Re: CVE request: libgcrypt, ELGAMAL side-channel attack cve-assign (Aug 15)