SB2019082930 - Cryptographic issues in libgcrypt (Alpine package)
Published: August 29, 2019
Security Bulletin ID
SB2019082930
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cryptographic issues (CVE-ID: CVE-2019-13627)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to an error within the libgcrypt20 cryptographic library. A remote attacker can perform ECDSA timing attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1c4658e647d8946733688266ebe9784f71859fb6
- https://git.alpinelinux.org/aports/commit/?id=ccc5650a362772557233ed732836c17e9f2524e7
- https://git.alpinelinux.org/aports/commit/?id=4edee7eef800091770a3def2296f36d9f9b8778d
- https://git.alpinelinux.org/aports/commit/?id=a8034aa3511680d7996e46d4cb0656d4d32df01d
- https://git.alpinelinux.org/aports/commit/?id=f9cd8fbac76e354ca5b9d415cd4992375389bb31