GLSA-201408-10 : Libgcrypt: Side-channel attack
Low Nessus Plugin ID 77454
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201408-10 (Libgcrypt: Side-channel attack)
A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels.
A physical side-channel attack allows a remote attacker to fully extract decryption keys during the decryption of a chosen ciphertext.
There is no known workaround at this time.
SolutionAll Libgcrypt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libgcrypt-1.5.4'