CVE-2014-3591

NameCVE-2014-3591
Descriptionsidechannel attack on Elgamal
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-175-1, DLA-190-1, DSA-3184-1, DSA-3185-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnupg (PTS)wheezy1.4.12-7+deb7u7fixed
wheezy (security)1.4.12-7+deb7u9fixed
jessie1.4.18-7+deb8u3fixed
jessie (security)1.4.18-7+deb8u4fixed
libgcrypt11 (PTS)wheezy1.5.0-5+deb7u4fixed
wheezy (security)1.5.0-5+deb7u6fixed
libgcrypt20 (PTS)jessie (security), jessie1.6.3-2+deb8u4fixed
stretch (security), stretch1.7.6-2+deb9u2fixed
buster, sid1.7.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnupgsource(unstable)1.4.18-7
gnupgsourcesqueeze1.4.10-4+squeeze7DLA-175-1
gnupgsourcewheezy1.4.12-7+deb7u7DSA-3184-1
libgcrypt11source(unstable)(unfixed)
libgcrypt11sourcesqueeze1.4.5-2+squeeze3DLA-190-1
libgcrypt11sourcewheezy1.5.0-5+deb7u3DSA-3185-1
libgcrypt20source(unstable)1.6.3-2

Notes

http://www.cs.tau.ac.il/~tromer/radioexp/
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b

Search for package or bug name: Reporting problems