ALAS-2022-1578

Amazon Linux 1 (EOL) Security Advisory: ALAS-2022-1578
Advisory Released Date: 2022-04-07
Advisory Updated Date: 2022-04-07

Severity: Medium

References: CVE-2021-33560
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality. (CVE-2021-33560)

Affected Packages:

libgcrypt

Issue Correction:
Run yum update libgcrypt to update your system.

New Packages:

i686:
    libgcrypt-debuginfo-1.5.3-12.20.amzn1.i686
    libgcrypt-devel-1.5.3-12.20.amzn1.i686
    libgcrypt-1.5.3-12.20.amzn1.i686

src:
    libgcrypt-1.5.3-12.20.amzn1.src

x86_64:
    libgcrypt-debuginfo-1.5.3-12.20.amzn1.x86_64
    libgcrypt-devel-1.5.3-12.20.amzn1.x86_64
    libgcrypt-1.5.3-12.20.amzn1.x86_64

Additional References

Red Hat: CVE-2021-33560

Mitre: CVE-2021-33560