PublicDateAtUSN: 2014-12-31
Candidate: CVE-2014-3591
PublicDate: 2019-11-29 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591
 http://www.cs.tau.ac.il/~tromer/radioexp/
 https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
 https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
 https://ubuntu.com/security/notices/USN-2554-1
 https://ubuntu.com/security/notices/USN-2555-1
Description:
 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [4.2 MEDIUM]

Patches_libgcrypt20:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d482948ac41768c36c5352a513fca8c50d2da4db
upstream_libgcrypt20: released (1.6.3-2)
lucid_libgcrypt20: DNE
precise_libgcrypt20: DNE
trusty_libgcrypt20: released (1.6.1-2ubuntu1.14.04.1)
trusty/esm_libgcrypt20: DNE (trusty was released [1.6.1-2ubuntu1.14.04.1])
utopic_libgcrypt20: released (1.6.1-2ubuntu1.14.10.1)
devel_libgcrypt20: released (1.6.2-4ubuntu2)

Patches_libgcrypt11:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=35cd81f134c0da4e7e6fcfe40d270ee1251f52c2
upstream_libgcrypt11: needed
lucid_libgcrypt11: released (1.4.4-5ubuntu2.4)
precise_libgcrypt11: released (1.5.0-3ubuntu0.4)
trusty_libgcrypt11: released (1.5.3-2ubuntu4.2)
trusty/esm_libgcrypt11: released (1.5.3-2ubuntu4.2)
utopic_libgcrypt11: released (1.5.4-2ubuntu1.1)
devel_libgcrypt11: DNE

Patches_gnupg:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
upstream_gnupg: released (1.4.18-7)
lucid_gnupg: released (1.4.10-2ubuntu1.8)
precise_gnupg: released (1.4.11-3ubuntu2.9)
trusty_gnupg: released (1.4.16-1ubuntu2.3)
trusty/esm_gnupg: released (1.4.16-1ubuntu2.3)
utopic_gnupg: released (1.4.16-1.2ubuntu1.2)
devel_gnupg: not-affected (1.4.18-7ubuntu1)