FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libgcrypt -- side-channel attack vulnerability

Affected packages
libgcrypt < 1.8.3

Details

VuXML ID 9b5162de-6f39-11e8-818e-e8e0b747a45a
Discovery 2018-06-13
Entry 2018-06-13
Modified 2018-06-14

GnuPG reports:

Mitigate a local side-channel attack on ECDSA signature as described in the white paper "Return on the Hidden Number Problem".

References

CVE Name CVE-2018-0495
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
URL https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt
URL https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/