[3.6] libgcrypt: Missing input validation for X25519 curve (CVE-2017-0379)
Libgcrypt before 1.8.1 does not properly consider Curve25519
side-channel attacks,
which makes it easier for attackers to discover a secret key, related to
cipher/ecc.c and mpi/ec.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-0379
https://eprint.iacr.org/2017/806
Patch:
(from redmine: issue id 7832, created on 2017-09-14, closed on 2017-09-19)
- Relations:
- parent #7831 (closed)
- Changesets:
- Revision 696f5be8 by Natanael Copa on 2017-09-19T08:54:38Z:
main/libgcrypt: security upgrade to 1.7.9 (CVE-2017-0378)
fixes #7832