-
Security Vulnerability
-
Resolution: Fixed
-
Severe (Users)
-
None
-
None
-
None
-
security impact.
{ "id": "CVE-2021-33560", "is_known_exploited_vuln": false, "tickets": [], "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-33560", "https://dev.gnupg.org/T5466", "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61", "https://dev.gnupg.org/T5305", "https://dev.gnupg.org/T5328", "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html" ] } { "id": "CVE-2021-40528", "is_known_exploited_vuln": false, "tickets": [], "description": "The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-40528", "https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1", "https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2", "https://eprint.iacr.org/2021/923", "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320" ] }
I think we shoult insert to portage autogen for LTS and standard version
Current version eliminate above cve
- relates to
-
FL-10620 sys-fs/cryptsetup-2.5.0 fails to link
- Closed