Luke Valenta

**Name of the Vulnerable Software and Affected Versions** Libgcrypt versions prior to 1.8.1 **Description** The issue makes it easier for attackers to discover a secret key due to not properly considering Curve25519 side-channel attacks, related to files cipher/ecc.c and mpi/ec.c. **Recommendations** For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to the lack of protection for internal data in the Tcl component of the operating system. It can be exploited by a remote attacker to obtain sensitive information by leveraging SSLv2 support. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider disabling SSLv2 support to minimize the risk of exploitation.