It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "libgcrypt11-dbg": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-udeb-dbgsym": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-dbgsym": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-doc": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-dev": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-udeb": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11-dev-dbgsym": "1.5.3-2ubuntu4.6+esm1", "libgcrypt11": "1.5.3-2ubuntu4.6+esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgcrypt20-udeb-dbgsym": "1.6.5-2ubuntu0.6", "libgcrypt20-doc": "1.6.5-2ubuntu0.6", "libgcrypt20": "1.6.5-2ubuntu0.6", "libgcrypt20-dev": "1.6.5-2ubuntu0.6", "libgcrypt11-dev": "1.5.4-3+really1.6.5-2ubuntu0.6", "libgcrypt20-dev-dbgsym": "1.6.5-2ubuntu0.6", "libgcrypt20-dbgsym": "1.6.5-2ubuntu0.6", "libgcrypt20-udeb": "1.6.5-2ubuntu0.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgcrypt-mingw-w64-dev": "1.8.1-4ubuntu1.2", "libgcrypt20-doc": "1.8.1-4ubuntu1.2", "libgcrypt20": "1.8.1-4ubuntu1.2", "libgcrypt20-dev": "1.8.1-4ubuntu1.2", "libgcrypt11-dev": "1.5.4-3+really1.8.1-4ubuntu1.2", "libgcrypt20-dev-dbgsym": "1.8.1-4ubuntu1.2", "libgcrypt20-dbgsym": "1.8.1-4ubuntu1.2", "libgcrypt20-udeb": "1.8.1-4ubuntu1.2" } ] }