- Vulnerability/
- USN-4236-2
USN-4236-2: Libgcrypt vulnerability
First published: Tue Jan 14 2020(Updated: )
USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libgcrypt20 | <1.6.5-2ubuntu0.6 | 1.6.5-2ubuntu0.6 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Libgcrypt vulnerability?
The vulnerability ID for this Libgcrypt vulnerability is USN-4236-2.
What software is affected by this vulnerability?
The Libgcrypt package version 1.6.5-2ubuntu0.6 on Ubuntu 16.04 LTS is affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not specified. However, it can allow an attacker to perform a timing attack and potentially recover sensitive information.
How can I fix this vulnerability?
To fix this vulnerability, you need to update the Libgcrypt package to version 1.6.5-2ubuntu0.6 or later.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Ubuntu Security Notices: USN-4236-1, USN-4236-3.
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/softwarecombine
- agent/event
- agent/description
- agent/title
- agent/tags
- agent/references
- collector/usn
- source/Ubuntu
- anchor-related/USN-4236-1
- anchor-related/USN-4236-3
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04