Operating System:

[Debian]

Published:

25 September 2019


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3598
            [SECURITY] [DLA 1931-1] libgcrypt20 security update
                             25 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libgcrypt20
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13627  

Reference:         ESB-2019.3454
                   ESB-2019.3337

Original Bulletin: 
   https://www.debian.org/lts/security/2019/dla-1931

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : libgcrypt20
Version        : 1.6.3-2+deb8u6
CVE ID         : CVE-2019-13627
Debian Bug     : #938938

It was discovered that there was an ECDSA timing attack in the
libgcrypt20 cryptographic library.

For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
1.6.3-2+deb8u6.

We recommend that you upgrade your libgcrypt20 packages.


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


--------------------------END INCLUDED TEXT--------------------


NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================