libgcrypt-1.8.5-7.el8

エラータID: AXSA:2022-3676:01

Release date: 
Monday, August 15, 2022 - 12:24
Subject: 
libgcrypt-1.8.5-7.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libgcrypt library provides general-purpose implementations of various
cryptographic algorithms.

Security Fix(es):

* libgcrypt: ElGamal implementation allows plaintext recovery (CVE-2021-40528)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-40528
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery
because, during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key, the
generator defined by the receiver's public key, and the sender's ephemeral
exponents can lead to a cross-configuration attack against OpenPGP.

Solution: 

Update packages.

CVEs: 
CVE-2021-40528
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Additional Info: 

N/A

Download: 

SRPMS
  1. libgcrypt-1.8.5-7.el8.src.rpm
    MD5: 401d98770149ddc4b8154467945fda19
    SHA-256: e88710b9518de5ae611fef257ae76af4c5248cafb6ed41396e8fdc8e01496303
    Size: 2.66 MB

Asianux Server 8 for x86_64
  1. libgcrypt-1.8.5-7.el8.x86_64.rpm
    MD5: 3b64da099ad56b52229ecc4f6c999319
    SHA-256: b5c7c5a46eb16e9e26846c46aebbb705d09f336717a974e6d3347e24ea90db62
    Size: 461.69 kB
  2. libgcrypt-devel-1.8.5-7.el8.x86_64.rpm
    MD5: 41465be33e00c3f5e883088d0d52b844
    SHA-256: 10d744c1a732e45ded90d50a0a57786c35a67d0325ade2f9a8588ef13bd9abe5
    Size: 148.51 kB
  3. libgcrypt-1.8.5-7.el8.i686.rpm
    MD5: 6a941d19ce46a3c78bea553f1516dafd
    SHA-256: df7be59ca018f52cc05c37ecdec0b450595a22dfbe7a87956b64a555cab4fd10
    Size: 444.83 kB
  4. libgcrypt-devel-1.8.5-7.el8.i686.rpm
    MD5: eda789685bf613c050996c9097271ea2
    SHA-256: 701995bab5492e257b616a9e12e875a55d19db2f7c3a2c6c8502ba645ea267a8
    Size: 148.67 kB