HCE1-SA-2023-0030 Moderate HCE 1.1 Security Fix(es): The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. (CVE-2021-40528) libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. (CVE-2017-7526) HCE 1.1 libgcrypt-1.5.3-15.hce1c.x86_64.rpm libgcrypt-devel-1.5.3-15.hce1c.x86_64.rpm