This update fixes two security vulnerabilities (CVE-2014-3591, CVE-2015-0837).
This update fixes two security vulnerabilities (bsc#920057):
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]
- Submitted by Vítězslav Čížek (vitezslav_cizek)
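What ciphertext blinding means for Elgamal decryption, as an added illustration (this is not libgcrypt's code and not part of this update). It uses textbook Elgamal over constructed toy parameters; the prime, the base and all function names are assumptions made for the example.

```python
import secrets

# Constructed toy parameters (assumption): Mersenne prime 2**127 - 1, base 3.
# Far too small for real keys; chosen only so the example runs instantly.
P = 2**127 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 3) + 2              # secret exponent in [2, P-2]
    return x, pow(G, x, P)                        # (x, y = g^x mod p)

def encrypt(m, y):
    k = secrets.randbelow(P - 3) + 2              # fresh ephemeral exponent
    return pow(G, k, P), (m * pow(y, k, P)) % P   # (a, b) = (g^k, m * y^k)

def _check(a, b):
    # Reject values outside [1, p-1]; 0 has no inverse mod p.
    if not (0 < a < P and 0 < b < P):
        raise ValueError("ciphertext component out of range")

def decrypt_plain(a, b, x):
    # Unblinded: x is applied directly to the sender-supplied value a, so the
    # exponentiation's operands are fully determined by the ciphertext.
    _check(a, b)
    return (b * pow(pow(a, x, P), -1, P)) % P, a

def decrypt_blinded(a, b, x):
    # Blinded: exponentiate a*r for a fresh random r, then cancel r^x.
    # r^x * ((a*r)^x)^-1 = a^-x, so the plaintext is unchanged.
    _check(a, b)
    r = secrets.randbelow(P - 3) + 2
    base = (a * r) % P                            # value actually raised to x
    s_inv = (pow(r, x, P) * pow(pow(base, x, P), -1, P)) % P
    return (b * s_inv) % P, base

# Both functions return (plaintext, base raised to x); the base is exposed
# only so the demonstration can compare it across calls.
if __name__ == "__main__":
    x, y = keygen()
    a, b = encrypt(42, y)
    print(decrypt_plain(a, b, x)[0], decrypt_blinded(a, b, x)[0])
```

Blinding randomizes the operands of the secret-key exponentiation on every call; it does not make the exponentiation itself constant-time, which is the concern of the second item in the list.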
Fixed bugs
bnc#920057
VUL-1: CVE-2014-3591, CVE-2015-0837: libgcrypt, gpg: mitigations against side-channel attacks