Debian 10225 Published by

A libgcrypt11 security update has been released for Debian 6 LTS



Package : libgcrypt11
Version : 1.4.5-2+squeeze2
CVE ID : CVE-2014-5270

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal
encryption subkeys in applications using the libgcrypt11 library, for
example GnuPG 2.x, could be leaked via a side-channel attack (see
http://www.cs.tau.ac.il/~tromer/handsoff/).

This is fixed in Squeeze in version 1.4.5-2+squeeze2.

We recommend that you upgrade your libgcrypt11 packages.
  DLA 93-1: libgcrypt11 security update