==========================================================================
Ubuntu Security Notice USN-4236-3
January 28, 2020

libgcrypt11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Libgcrypt could be made to expose sensitive information.

Software Description:
– libgcrypt11: LGPL Crypto library

Details:

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Libgcrypt was susceptible to a ECDSA timing attack.
An attacker could possibly use this attack to recover sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libgcrypt11 1.5.3-2ubuntu4.6+esm1

Ubuntu 12.04 ESM:
libgcrypt11 1.5.0-3ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4236-3
https://usn.ubuntu.com/4236-1
CVE-2019-13627
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl4wcJ0ACgkQRbznW4QL
H2n4mw/+JfaxEpOtC05gAGEqvtKRMj1wLDoHqmF1fYVDCItM+Wms+1egDY87LXsY
rJ6P/fP0F6r/VKtWpIQB8YJzorfq6z0tUmjmUfx1VftebMmTKqKq51IfWiFnPSLj
iirG5yVk1kKyB9xOe4AiGa0GhbAAKJbO/mMu08zy9OotNqBk6Jky6gy7OjwTUfY2
PsjRFMktLE3O5dus0hcJOjjITtFDcBRrg+Z9dQwWUx2E90cpa4ffytnMJ26EFadf
1mhLN81leqXiiw9/xgBGKYem2NVa6feD7VPvHhCDmvlX/F2dgOz0qvOp2g3dcwOj
KkS16/L7559FwHF2HaxnhwpLBZq0ufErwfhsOc74vRstUEsof0DHPxnNArkXPLAD
a8VJ/6UMxC+FfS3HQkivP/TyutI5ad9bEdJ35ytyxe/lyulO7xIMJrW8wAbvz+hq
vngVi0H/JlA0aSAo2elN53rfjDfogV24x1OSGxCWdTPVZX1aWlZPNkvG7GP+m2de
r4XLqbYCUvAzGjixRtwC7A37dXtFCJy+AxY5wgf+cxa93fMMAkl68rig9l/HUerw
b0th3zTskLdxfwM0qHPcpBGP0ThpcGWtmxlvmcGpxJLqt/f9pl9rxzPKjxU7nT89
/IdRdcuz6tlcMvFgAMvm9lERvIpklGXc+Pr69nMQH6bY4pKbfwg=
=OBbC
—–END PGP SIGNATURE—–
—