Release Info

Advisory: CLSA-2023:1698945053

OS: CentOS 7 ELS

Public date: 2023-11-02 13:10:55

Project: libgcrypt

Version: 1.5.3-14.el7.tuxcare.els1

Errata link: https://errata.tuxcare.com/centos7-els/CLSA-2023-1698945053.html

Changelog

- CVE-2013-4576: Normalize the MPIs to prevent possible side-channel attacks
- CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent possible side-channel attacks
- CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal prevent generation of weak keys
- CVE-2021-40528: Add exponent blinding as well to mitigate side-channel attack on mpi_powm
- tests: Add a benchmark for Elgamal

Update

Update command: yum update libgcrypt*

Packages list

- libgcrypt-1.5.3-14.el7.tuxcare.els1.i686.rpm
- libgcrypt-1.5.3-14.el7.tuxcare.els1.x86_64.rpm
- libgcrypt-devel-1.5.3-14.el7.tuxcare.els1.i686.rpm
- libgcrypt-devel-1.5.3-14.el7.tuxcare.els1.x86_64.rpm

CVEs

CVE-2021-40528
CVE-2014-3591
CVE-2021-33560
CVE-2013-4576