Bug 965902 (CVE-2015-7511)

Summary: VUL-0: CVE-2015-7511: libgcrypt: side-channel attack on ECDH with Weierstrass curves
Product: [Novell Products] SUSE Security Incidents
Reporter: Andreas Stieger <astieger>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: krahmer, meissner, michal.vyskocil, mnowak, vcizek
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:SUSE:CVE-2015-7511:4.3:(AV:A/AC:M/Au:N/C:P/I:P/A:N) CVSSv2:NVD:CVE-2015-7511:1.9:(AV:L/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2015-7511:1.8:(AV:A/AC:H/Au:N/C:P/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2016-02-09 16:14:23 UTC
From https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html

>  * Mitigate side-channel attack on ECDH with Weierstrass curves
>    [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
>    details.

Fixed in 1.6.5

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a

Note that there are other commits to the ECC code in the same release which need to be checked.

> Thanks to Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran
> Tromer.   http://www.cs.tau.ac.IL/~tromer/ecdh/
> 
> This could be an effective countermeasure to some chosen cipher text
> attacks.
Comment 1 Swamp Workflow Management 2016-02-09 23:01:24 UTC
bugbot adjusting priority
Comment 6 Marcus Meissner 2016-02-10 13:30:14 UTC
This issue does not affect SUSE Linux Enterprise 10, as the affected code is not present.
Comment 7 Swamp Workflow Management 2016-02-25 10:12:17 UTC
openSUSE-SU-2016:0575-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965902
CVE References: CVE-2015-7511
Sources used:
openSUSE 13.2 (src):    libgcrypt-1.6.1-8.13.1
Comment 10 Přemysl Janouch 2016-04-04 14:06:22 UTC
I've had a look at the version in SLE 11 and it seems to be a considerably different codebase. In my opinion it's an utter waste of time trying to backport it there (agreeing here with Sebastian).

I've just submitted the backported fix for SLE 12.
Comment 11 Swamp Workflow Management 2016-04-18 11:08:43 UTC
SUSE-SU-2016:1089-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965902
CVE References: CVE-2015-7511
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libgcrypt-1.6.1-16.27.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libgcrypt-1.6.1-16.27.1
SUSE Linux Enterprise Server 12-SP1 (src):    libgcrypt-1.6.1-16.27.1
SUSE Linux Enterprise Server 12 (src):    libgcrypt-1.6.1-16.27.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libgcrypt-1.6.1-16.27.1
SUSE Linux Enterprise Desktop 12 (src):    libgcrypt-1.6.1-16.27.1
Comment 12 Swamp Workflow Management 2016-05-04 14:14:00 UTC
openSUSE-SU-2016:1227-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965902
CVE References: CVE-2015-7511
Sources used:
openSUSE Leap 42.1 (src):    libgcrypt-1.6.1-26.1
Comment 13 Marcus Meissner 2016-05-25 14:56:33 UTC
released