[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6294-1] libgcrypt20 security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6294-1] libgcrypt20 security update From: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 22 May 2026 21:50:33 +0000 Message-id: <[🔎] E1wQXlJ-000000088pQ-0Qlp@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6294-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt20 CVE ID : CVE-2026-41989 It was discovered that an incorrect implementation of ECDH encryption (with NIST, Brainpool, X448, or X25519 curves) within Libgcrypt could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 1.10.1-3+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.11.0-7+deb13u1. We recommend that you upgrade your libgcrypt20 packages. For the detailed security status of libgcrypt20 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libgcrypt20 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoQz2hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q8oxAAlNHcLdrpfsFGMxHXPUr1/QsMp4sc6jnyf3K2NbRcjwjhHA1jvHNEmote k9qmg8hG/ilacQkc48lG4mzF0cwE2UmOXN53vGo1Kps9fjnZ++Fwq0W+lGFLpvFz bwh5x5kU63jKVKfWbXOTmj9hpw0utOPJbkpCki+SD9BWAYuRmqWfpsO+0vyOYNCd Wm54QIc8aCAO7YvhDIzsVjO3G/5R09V0hR+Nflq5oyKwYJy50BwJ3p8OMH3WYCEQ 1uFsSis2qr+c2QWkBBe5YQk9KYXoj9g1h+wqovKpLTc8NpYXA4wxwbrSH87PmaV2 h2GIBvAOmen9/yRjvNc8WvQN4IyOA+eEBw+CYpPyv6hQKQeT2ys+UFvcX1FduPgk 6ZcTTDT0VaTOOdmGPq3IJ5Cq9OrLmVidNNoLWGpxmmFGHXWgz18laziQAjBKF9Vl umUuK7cWTkg1Yzjk1k7QNfGgUM+gMvB9evIuoCH23LTOAhoc8H+8M7U7XzavPP+j E53SM0hFzkWQOStTwmCnxyPbh7eNuziRc7lznAKjcGS8Ko6lDUK1o6lkcET/+MVE xuFS/t3+YCpn4u8mwSF6GSmsk+7+PCfY0Bch6aewCtSWrcyB3+0/bTzQZ/Gl2i0B Ac923ETtKckFf+A9Dv0GxSH32Emmi7B5i3YDlKRo84cNRo9+JZw= =n+JN -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6293-1] krb5 security update Previous by thread: [SECURITY] [DSA 6293-1] krb5 security update Index(es): Date Thread