CVE-2014-5270

Publication date 18 August 2014

Last updated 24 July 2024


Ubuntu priority

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Status

Package Ubuntu Release Status
gnupg 14.04 LTS trusty
Not affected
12.04 LTS precise
Fixed 1.4.11-3ubuntu2.7
10.04 LTS lucid
Fixed 1.4.10-2ubuntu1.7
libgcrypt11 14.04 LTS trusty
Fixed 1.5.3-2ubuntu4.1
12.04 LTS precise
Fixed 1.5.0-3ubuntu0.3
10.04 LTS lucid
Fixed 1.4.4-5ubuntu2.3
libgcrypt20 14.04 LTS trusty Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release

References

Related Ubuntu Security Notices (USN)

Other references