Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libgcrypt20-udeb-dbgsym": "1.6.5-2ubuntu0.6+esm1", "libgcrypt20-doc": "1.6.5-2ubuntu0.6+esm1", "libgcrypt20": "1.6.5-2ubuntu0.6+esm1", "libgcrypt20-dev": "1.6.5-2ubuntu0.6+esm1", "libgcrypt11-dev": "1.5.4-3+really1.6.5-2ubuntu0.6+esm1", "libgcrypt20-dev-dbgsym": "1.6.5-2ubuntu0.6+esm1", "libgcrypt20-dbgsym": "1.6.5-2ubuntu0.6+esm1", "libgcrypt20-udeb": "1.6.5-2ubuntu0.6+esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libgcrypt-mingw-w64-dev": "1.8.1-4ubuntu1.3", "libgcrypt20-doc": "1.8.1-4ubuntu1.3", "libgcrypt20": "1.8.1-4ubuntu1.3", "libgcrypt20-dev": "1.8.1-4ubuntu1.3", "libgcrypt11-dev": "1.5.4-3+really1.8.1-4ubuntu1.3", "libgcrypt20-dev-dbgsym": "1.8.1-4ubuntu1.3", "libgcrypt20-dbgsym": "1.8.1-4ubuntu1.3", "libgcrypt20-udeb": "1.8.1-4ubuntu1.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libgcrypt-mingw-w64-dev": "1.8.5-5ubuntu1.1", "libgcrypt20-doc": "1.8.5-5ubuntu1.1", "libgcrypt20": "1.8.5-5ubuntu1.1", "libgcrypt20-dev": "1.8.5-5ubuntu1.1", "libgcrypt20-dev-dbgsym": "1.8.5-5ubuntu1.1", "libgcrypt20-dbgsym": "1.8.5-5ubuntu1.1", "libgcrypt20-udeb": "1.8.5-5ubuntu1.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libgcrypt-mingw-w64-dev": "1.8.7-5ubuntu2", "libgcrypt20-doc": "1.8.7-5ubuntu2", "libgcrypt20-dev-dbgsym": "1.8.7-5ubuntu2", "libgcrypt20": "1.8.7-5ubuntu2", "libgcrypt20-dbgsym": "1.8.7-5ubuntu2", "libgcrypt20-dev": "1.8.7-5ubuntu2" } ] }