CVE-2019-13627
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| opensuse / leap | 15.0 | 15.0.x |
| canonical / ubuntu_linux | 19.04 | 19.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| opensuse / leap | 15.1 | 15.1.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| libgcrypt20_project / libgcrypt20 | 1.6.3-2+deb8u4 | 1.6.3-2+deb8u4.x |
| libgcrypt20_project / libgcrypt20 | 1.7.6-2+deb9u3 | 1.7.6-2+deb9u3.x |
| libgcrypt20_project / libgcrypt20 | 1.8.4-5 | 1.8.4-5.x |
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html
- http://www.openwall.com/lists/oss-security/2019/10/02/2
- https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5
- https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html
- https://minerva.crocs.fi.muni.cz/
- https://security-tracker.debian.org/tracker/CVE-2019-13627
- https://security.gentoo.org/glsa/202003-32
- https://usn.ubuntu.com/4236-1/
- https://usn.ubuntu.com/4236-2/
- https://usn.ubuntu.com/4236-3/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime