Arch Linux Security Advisory ASA-201602-19 ========================================== Severity: High Date : 2016-02-24 CVE-ID : CVE-2015-7511 Package : libgcrypt Type : secret key extraction Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libgcrypt before version 1.6.5-1 is vulnerable to a side-channel attack leading to extraction of secret decryption keys. Resolution ========== Upgrade to 1.6.5-1. # pacman -Syu "libgcrypt>=1.6.5-1" The problem has been fixed upstream in version 1.6.5. Workaround ========== None. Description =========== A vulnerability was found in a way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations. Impact ====== A remote attacker located in an adjacent room is able to extract the secret decryption key by measuring the target's electromagnetic emanations. References ========== https://access.redhat.com/security/cve/CVE-2015-7511 https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html https://www.cs.tau.ac.il/~tromer/ecdh/