Debian 10261 Published by

A libgcrypt20 security update has been released for Debian GNU/Linux 8 Extended LTS to address a mishandling of ElGamal encryption results in a possible side-channel attack and an interoperability problem with keys not generated by GnuPG/libgcrypt.



ELA-444-1 libgcrypt20 security update

Package libgcrypt20
Version 1.6.3-2+deb8u9
Related CVEs CVE-2021-33560

An issue has been found in libgcrypt20, a crypto library. Mishandling of ElGamal encryption results in a possible side-channel attack and an interoperability problem with keys not generated by GnuPG/libgcrypt.

For Debian 8 jessie, these problems have been fixed in version 1.6.3-2+deb8u9.

We recommend that you upgrade your libgcrypt20 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-444-1 libgcrypt20 security update