PublicDateAtUSN: 2015-12-31
Candidate: CVE-2015-7511
PublicDate: 2016-04-19 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511
 http://www.cs.tau.ac.IL/~tromer/ecdh/
 https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
 https://ubuntu.com/security/notices/USN-2896-1
Description:
 Libgcrypt before 1.6.5 does not properly perform elliptic-point curve
 multiplication during decryption, which makes it easier for physically
 proximate attackers to extract ECDH keys by measuring electromagnetic
 emanations.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N [2.0 LOW]

Patches_libgcrypt20:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=070f0c4e14298c53785ea8caa8db71e30d134a1d
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=72b0d74103fef216479f97f9d5fe23e95f6b3ccc
upstream_libgcrypt20: released (1.6.5)
precise_libgcrypt20: DNE
precise/esm_libgcrypt20: DNE
trusty_libgcrypt20: ignored (reached end-of-life)
trusty/esm_libgcrypt20: DNE (trusty was needed)
vivid/stable-phone-overlay_libgcrypt20: ignored (reached end-of-life)
vivid/ubuntu-core_libgcrypt20: released (1.6.2-4ubuntu2.1)
wily_libgcrypt20: released (1.6.3-2ubuntu1.1)
xenial_libgcrypt20: not-affected (1.6.5-2)
esm-infra/xenial_libgcrypt20: not-affected (1.6.5-2)
yakkety_libgcrypt20: not-affected (1.6.5-2)
zesty_libgcrypt20: not-affected (1.6.5-2)
artful_libgcrypt20: not-affected (1.6.5-2)
bionic_libgcrypt20: not-affected (1.6.5-2)
cosmic_libgcrypt20: not-affected (1.6.5-2)
disco_libgcrypt20: not-affected (1.6.5-2)
devel_libgcrypt20: not-affected (1.6.5-2)

Patches_libgcrypt11:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57
upstream_libgcrypt11: needs-triage
precise_libgcrypt11: released (1.5.0-3ubuntu0.5)
precise/esm_libgcrypt11: released (1.5.0-3ubuntu0.5)
trusty_libgcrypt11: released (1.5.3-2ubuntu4.3)
trusty/esm_libgcrypt11: released (1.5.3-2ubuntu4.3)
vivid/stable-phone-overlay_libgcrypt11: DNE
vivid/ubuntu-core_libgcrypt11: DNE
wily_libgcrypt11: DNE
xenial_libgcrypt11: DNE
yakkety_libgcrypt11: DNE
zesty_libgcrypt11: DNE
artful_libgcrypt11: DNE
bionic_libgcrypt11: DNE
cosmic_libgcrypt11: DNE
disco_libgcrypt11: DNE
devel_libgcrypt11: DNE