Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgcrypt11-dbg": "1.5.3-2ubuntu4.1", "libgcrypt11-udeb": "1.5.3-2ubuntu4.1", "libgcrypt11-doc": "1.5.3-2ubuntu4.1", "libgcrypt11": "1.5.3-2ubuntu4.1", "libgcrypt11-dev": "1.5.3-2ubuntu4.1" } ] }