CVE-2014-5270

Priority
Description
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not
properly perform ciphertext normalization and ciphertext randomization,
which makes it easier for physically proximate attackers to conduct
key-extraction attacks by leveraging the ability to collect voltage data
from exposed metal, a different vector than CVE-2013-4576.
Assigned-to
mdeslaur
Package
Source: gnupg (LP Ubuntu Debian)
Upstream:released (1.4.16-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.4.16-1ubuntu2.1)
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
Package
Upstream:released (1.6.0-2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.6.1-2ubuntu1)
More Information

Updated: 2019-03-19 12:15:25 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)