Bug 1187212 (CVE-2021-33560)

Summary: VUL-0: CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: gianluca.gabrielli, meissner, pmonrealgonzalez, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/301428/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1187894
Whiteboard: CVSSv3.1:SUSE:CVE-2021-33560:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2021-06-11 07:56:12 UTC
rh#1970096

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970096
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33560
http://www.cvedetails.com/cve/CVE-2021-33560/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560
https://dev.gnupg.org/T5466
https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
https://dev.gnupg.org/T5305
https://dev.gnupg.org/T5328
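
The exponent blinding that the description above says was missing, shown as an added illustration of the general technique (not libgcrypt's code and not part of the original report). The toy prime, the base and all function names are assumptions, and Python's pow() is not constant-time, so this shows only why the blinded exponent gives the same plaintext while differing on every call.

```python
import secrets

# Constructed toy parameters (assumptions; far too small for real use):
# P is the Mersenne prime 2**127 - 1, G is an arbitrary base.
P = 2**127 - 1
G = 3

def keygen():
    """Return (secret exponent x, public value y = G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2          # x in [2, P-2]
    return x, pow(G, x, P)

def encrypt(m, y):
    """Textbook ElGamal: ciphertext (a, b) = (G^k, m * y^k) mod P."""
    k = secrets.randbelow(P - 3) + 2          # fresh ephemeral exponent
    return pow(G, k, P), (m * pow(y, k, P)) % P

def decrypt_plain(a, b, x):
    """Unblinded: the same secret bits of x drive every exponentiation,
    which is what a side channel on the powm routine observes."""
    s = pow(a, x, P)
    return (b * pow(s, -1, P)) % P

def blind_exponent(x, blind_bits=64):
    """Return x' = x + r*(P-1) for a fresh random r.
    By Fermat's little theorem a^(P-1) = 1 (mod P), so a^x' = a^x,
    but the bit pattern fed to the exponentiation changes per call."""
    r = secrets.randbits(blind_bits) | 1      # force r to be nonzero
    return x + r * (P - 1)

def decrypt_blinded(a, b, x):
    """Same result as decrypt_plain, computed with a randomized exponent."""
    s = pow(a, blind_exponent(x), P)
    return (b * pow(s, -1, P)) % P

if __name__ == "__main__":
    x, y = keygen()
    message = 0x48656C6C6F                    # constructed sample plaintext
    a, b = encrypt(message, y)
    print("plain   :", hex(decrypt_plain(a, b, x)))
    print("blinded :", hex(decrypt_blinded(a, b, x)))
    print("exponents differ per call:", blind_exponent(x) != blind_exponent(x))
```
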
Comment 1 Pedro Monreal Gonzalez 2021-06-11 11:22:05 UTC
See also: 

cipher: Fix ElGamal encryption for other implementations.

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=632d80ef30e13de6926d503aa697f92b5dbfbc5e
Comment 2 Gianluca Gabrielli 2021-06-11 11:41:58 UTC
Affected packages:
 - SUSE:SLE-11-SP2:Update/libgcrypt  1.5.0
 - SUSE:SLE-11:Update/libgcrypt      1.4.1
 - SUSE:SLE-12:Update/libgcrypt      1.6.1
 - SUSE:SLE-15-SP1:Update/libgcrypt  1.8.2
 - SUSE:SLE-15:Update/libgcrypt      1.8.2
 - openSUSE:Factory/libgcrypt        1.9.3

Upstream patch [0].

[0] https://github.com/gpg/libgcrypt/commit/632d80ef30e13de6926d503aa697f92b5dbfbc5e.patch
Comment 3 Pedro Monreal Gonzalez 2021-06-11 11:44:10 UTC
(In reply to Gianluca Gabrielli from comment #2)
> Upstream patch [0].
> 
> [0] https://github.com/gpg/libgcrypt/commit/632d80ef30e13de6926d503aa697f92b5dbfbc5e.patch

Main patch is [1] https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
Comment 4 Gianluca Gabrielli 2021-06-11 14:58:15 UTC
Thanks for your input. I just want to be sure you have seen that this commit message [0] mentions CVE-2021-33560, and yes it is related to the same GPG internal ticket T5328.

[0] https://github.com/gpg/libgcrypt/commit/632d80ef30e13de6926d503aa697f92b5dbfbc5e
Comment 5 Pedro Monreal Gonzalez 2021-06-14 11:37:07 UTC
Factory submission:
   https://build.opensuse.org/request/show/899923
Comment 8 Swamp Workflow Management 2021-06-18 19:20:34 UTC
SUSE-SU-2021:14751-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187212
CVE References: CVE-2021-33560
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    libgcrypt-1.5.0-0.26.6.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libgcrypt-1.5.0-0.26.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libgcrypt-1.5.0-0.26.6.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libgcrypt-1.5.0-0.26.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-06-24 19:21:02 UTC
SUSE-SU-2021:2155-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187212
CVE References: CVE-2021-33560
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    libgcrypt-1.8.2-6.52.1
SUSE Linux Enterprise Server 15-LTSS (src):    libgcrypt-1.8.2-6.52.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libgcrypt-1.8.2-6.52.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libgcrypt-1.8.2-6.52.1

Comment 10 Swamp Workflow Management 2021-06-24 19:22:13 UTC
SUSE-SU-2021:2157-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187212
CVE References: CVE-2021-33560
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    libgcrypt-1.8.2-8.39.1
SUSE Manager Server 4.0 (src):    libgcrypt-1.8.2-8.39.1
SUSE Manager Retail Branch Server 4.0 (src):    libgcrypt-1.8.2-8.39.1
SUSE Manager Proxy 4.0 (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libgcrypt-1.8.2-8.39.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libgcrypt-1.8.2-8.39.1
SUSE Enterprise Storage 6 (src):    libgcrypt-1.8.2-8.39.1
SUSE CaaS Platform 4.0 (src):    libgcrypt-1.8.2-8.39.1

Comment 11 Swamp Workflow Management 2021-06-24 19:24:48 UTC
SUSE-SU-2021:2156-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187212
CVE References: CVE-2021-33560
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libgcrypt-1.6.1-16.77.1
SUSE OpenStack Cloud Crowbar 8 (src):    libgcrypt-1.6.1-16.77.1
SUSE OpenStack Cloud 9 (src):    libgcrypt-1.6.1-16.77.1
SUSE OpenStack Cloud 8 (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libgcrypt-1.6.1-16.77.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libgcrypt-1.6.1-16.77.1
HPE Helion Openstack 8 (src):    libgcrypt-1.6.1-16.77.1

Comment 12 Swamp Workflow Management 2021-07-11 13:33:50 UTC
openSUSE-SU-2021:2157-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187212
CVE References: CVE-2021-33560
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    libgcrypt-1.8.2-8.39.1
Comment 13 Marcus Meissner 2021-08-09 11:05:00 UTC
released