Bug 1042326 (CVE-2017-9526) - VUL-0: CVE-2017-9526: libgcrypt: timing attack on EdDSA session key
Summary: VUL-0: CVE-2017-9526: libgcrypt: timing attack on EdDSA session key
Status: RESOLVED FIXED
Duplicates: 1043777
Alias: CVE-2017-9526
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/186176/
Whiteboard: CVSSv3:SUSE:CVE-2017-9526:3.6:(AV:P/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-02 09:07 UTC by Andreas Stieger
Modified: 2023-04-06 15:24 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Andreas Stieger 2017-06-02 09:07:29 UTC
Fixed in libgcrypt 1.7.7:

An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library.

master:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
1.7.x:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
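To make the quoted NEWS entry concrete, the following is an added example and not libgcrypt code or anything from this bug report. It is a small pure-Python Ed25519 (RFC 8032) implementation whose scalar multiplication is a plain double-and-add, so the number of point additions depends on the bits of the session key r (a variable-time pattern of the kind the fix removes; it is written this way for illustration and is not a claim about libgcrypt's MPI code). Since S = r + k*a mod L and k = H(R, A, M) is public, a single leaked r gives a mod L, which is all that is needed to forge signatures under the public key A because the base point has order L. The seed, the messages and the nonce used in forge() are constructed values for the demo, and sign() returning r stands in for the side-channel observation.

```python
"""Added example: why a leaked EdDSA session key r gives up the long-term key.

Pure-Python Ed25519 per RFC 8032 (slow, not constant time, demo only),
plus the attacker's step:  a = (S - r) * k^-1 mod L.
"""
import hashlib

# Ed25519 domain parameters (RFC 8032 section 5.1).
p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
d = (-121665 * pow(121666, -1, p)) % p


def point_add(P, Q):
    """Affine twisted-Edwards addition; the formula is complete, so it doubles too."""
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % p, -1, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % p, -1, p) % p
    return (x3, y3)


def scalar_mult(k, P):
    """Plain double-and-add. Deliberately variable time: the addition runs only
    for set bits of k, so timing depends on the secret when k is the nonce r."""
    R = (0, 1)  # neutral element
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R


def recover_x(y, sign):
    """Recover x from y and its parity bit (RFC 8032 section 5.1.3)."""
    x2 = (y * y - 1) * pow((d * y * y + 1) % p, -1, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p  # multiply by sqrt(-1)
    if x & 1 != sign:
        x = p - x
    return x


By = 4 * pow(5, -1, p) % p
B = (recover_x(By, 0), By)  # base point, order L


def encode_point(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def decode_point(b):
    v = int.from_bytes(b, "little")
    y = v & ((1 << 255) - 1)
    return (recover_x(y, v >> 255), y)


def sha512_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")


def keygen(seed):
    """Returns (clamped secret scalar a, nonce prefix, encoded public key A)."""
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:], encode_point(scalar_mult(a, B))


def sign(seed, msg):
    """Returns (signature, r). r is returned only to model the side-channel leak."""
    a, prefix, A_enc = keygen(seed)
    r = sha512_int(prefix, msg) % L
    R_enc = encode_point(scalar_mult(r, B))
    k = sha512_int(R_enc, A_enc, msg) % L
    S = (r + k * a) % L
    return R_enc + S.to_bytes(32, "little"), r


def verify(A_enc, msg, sig):
    R_enc, S = sig[:32], int.from_bytes(sig[32:], "little")
    if S >= L:
        return False
    k = sha512_int(R_enc, A_enc, msg) % L
    lhs = scalar_mult(S, B)
    rhs = point_add(decode_point(R_enc), scalar_mult(k, decode_point(A_enc)))
    return lhs == rhs


def recover_secret_scalar(A_enc, msg, sig, leaked_r):
    """S = r + k*a (mod L) with k public, so one leaked r yields a mod L."""
    R_enc, S = sig[:32], int.from_bytes(sig[32:], "little")
    k = sha512_int(R_enc, A_enc, msg) % L
    return (S - leaked_r) * pow(k, -1, L) % L


def forge(a_rec, A_enc, msg, r=12345):
    """Sign an attacker-chosen message with the recovered scalar; any nonce r works."""
    R_enc = encode_point(scalar_mult(r, B))
    k = sha512_int(R_enc, A_enc, msg) % L
    S = (r + k * a_rec) % L
    return R_enc + S.to_bytes(32, "little")


def demo():
    seed = bytes(range(32))  # constructed demo key, not a real one
    a, _, A_enc = keygen(seed)
    sig, leaked_r = sign(seed, b"observed message")
    a_rec = recover_secret_scalar(A_enc, b"observed message", sig, leaked_r)
    forged = forge(a_rec, A_enc, b"attacker-chosen message")
    return a_rec == a % L, verify(A_enc, b"attacker-chosen message", forged)


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The recovered value is a mod L rather than the clamped scalar itself, but that distinction is irrelevant to an attacker: the base point has order L, so a mod L produces the same public key and verifies under it. This is also why EdDSA implementations must protect the nonce exactly as carefully as the long-term key, which is the point of the 1.7.7 change.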
Comment 1 Pedro Monreal Gonzalez 2017-06-02 10:46:26 UTC
Packages submitted:

openSUSE:Factory                1.7.6   sr#500599
openSUSE:Leap:42.2:Update       Comes from SUSE:SLE-12:Update
openSUSE:Leap:42.1:Update       Comes from SUSE:SLE-12:GA

SUSE:SLE-12:Update              1.6.1   mr#133581
SUSE:SLE-11-SP2:Update          1.5.0   Not affected
SUSE:SLE-11:Update              1.4.1   Not affected
SUSE:SLE-10-SP3:Update          1.2.2   Not affected
Comment 3 Marcus Meissner 2017-06-09 06:51:48 UTC
CVE requested via webform
Comment 4 Johannes Segitz 2017-06-12 07:10:54 UTC
*** Bug 1043777 has been marked as a duplicate of this bug. ***
Comment 5 Johannes Segitz 2017-06-12 07:11:58 UTC
This is CVE-2017-9526
Comment 6 Swamp Workflow Management 2017-06-19 16:11:21 UTC
SUSE-SU-2017:1608-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1042326,931932
CVE References: CVE-2017-9526
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libgcrypt-1.6.1-16.39.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libgcrypt-1.6.1-16.39.1
SUSE Linux Enterprise Server 12-SP2 (src):    libgcrypt-1.6.1-16.39.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libgcrypt-1.6.1-16.39.1
OpenStack Cloud Magnum Orchestration 7 (src):    libgcrypt-1.6.1-16.39.1
Comment 7 Marcus Meissner 2017-06-20 13:20:08 UTC
sle released. 42.2 released soon
Comment 8 Swamp Workflow Management 2017-06-26 22:10:51 UTC
openSUSE-SU-2017:1700-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1042326,931932
CVE References: CVE-2017-9526
Sources used:
openSUSE Leap 42.2 (src):    libgcrypt-1.6.1-34.3.1