Launchpad.net

CVE 2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

Related bugs and status

CVE-2014-3591 (Candidate) is related to these bugs:

Bug #1409117: GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM

		In	Importance	Status
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Debian)	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	GnuPG	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Utopic)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Utopic)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Trusty)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Trusty)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3591

Related bugs and status

Related bugs

References