[3.1] libgcrypt: side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
A vulnerability was found in a way the ECDH encryption algorithm
decrypts data.
An attacker with a specialised setup can extract the secret decryption
key from
a target located in an adjacent room within seconds.
This is done by measuring the target’s electromagnetic emanations.
Fixed in version:
libgcrypt 1.6.5
References:
http://www.cs.tau.ac.il/~tromer/ecdh/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
(from redmine: issue id 5136, created on 2016-02-18, closed on 2016-02-22)
- Relations:
- parent #5133 (closed)
- Changesets:
- Revision ac62e682 on 2016-02-18T14:00:13Z:
main/libgcrypt: security upgrade to 1.6.5 (CVE-2015-7511). Fixes #5136