{"id":"MGASA-2021-0446","summary":"Updated libgcrypt packages fix security vulnerability","details":"The updated packages fix a security vulnerability:\n\nThe ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext\nrecovery because, during interaction between two cryptographic libraries,\na certain dangerous combination of the prime defined by the receiver's\npublic key, the generator defined by the receiver's public key, and the\nsender's ephemeral exponents can lead to a cross-configuration attack\nagainst OpenPGP (CVE-2021-40528).\n","modified":"2026-04-16T00:09:53.987772511Z","published":"2021-09-29T17:22:22Z","upstream":["CVE-2021-40528"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0446.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29467"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5080-1"}],"affected":[{"package":{"name":"libgcrypt","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libgcrypt?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.7-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0446.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}