Bug 1046607 - (CVE-2017-7526) VUL-0: CVE-2017-7526: compat-libgcrypt11,libgcrypt: Hardening against local side-channel attack
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
QA Contact: Security Team bot
https://smash.suse.de/issue/187567/
CVSSv3:SUSE:CVE-2017-7526:2.9:(AV:L/A...
Reported: 2017-06-29 09:28 UTC by Johannes Segitz
Modified: 2018-10-08 22:40 UTC

Found By: Security Response Team

Attachments
Patches for version 1.6.1 (2.85 KB, application/gzip), 2017-06-30 12:38 UTC, Pedro Monreal Gonzalez
Patches for version 1.5.0 (2.77 KB, application/gzip), 2017-06-30 12:38 UTC, Pedro Monreal Gonzalez
Patches for version 1.2.2 (2.74 KB, application/gzip), 2017-06-30 12:39 UTC, Pedro Monreal Gonzalez

Comment 2 Pedro Monreal Gonzalez 2017-06-30 12:36:34 UTC
This bug is corrected in [1] and requires the new functions defined in [2]. 

Packages submitted for libgcrypt:
openSUSE:Factory        1.7.7   Updated to 1.7.8 and fixed
SLE-12:Update           1.6.1   sr#135175
SLE-11:Update           1.4.1   sr#135176
SLE-11-SP2:Update       1.5.0   sr#135177
SLE-10-SP3:Update       1.2.2   sr#135178

Packages submitted for compat-libgcrypt11:
SLE-12:Update          1.5.0    sr#135186

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9
[2] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce
Comment 3 Pedro Monreal Gonzalez 2017-06-30 12:38:02 UTC
Created attachment 730882
Patches for version 1.6.1
Comment 4 Pedro Monreal Gonzalez 2017-06-30 12:38:33 UTC
Created attachment 730883
Patches for version 1.5.0
Comment 5 Pedro Monreal Gonzalez 2017-06-30 12:39:01 UTC
Created attachment 730884
Patches for version 1.2.2
Comment 7 Swamp Workflow Management 2017-07-01 08:21:14 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-07-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63737
Comment 9 Swamp Workflow Management 2017-07-06 13:14:18 UTC
SUSE-SU-2017:1793-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1046607
CVE References: CVE-2017-7526
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libgcrypt-1.5.0-0.25.1
SUSE Linux Enterprise Server 11-SP4 (src):    libgcrypt-1.5.0-0.25.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libgcrypt-1.5.0-0.25.1
Comment 10 Swamp Workflow Management 2017-07-06 13:14:46 UTC
SUSE-SU-2017:1794-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1046607
CVE References: CVE-2017-7526
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libgcrypt-1.6.1-16.42.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libgcrypt-1.6.1-16.42.1
SUSE Linux Enterprise Server 12-SP2 (src):    libgcrypt-1.6.1-16.42.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libgcrypt-1.6.1-16.42.1
OpenStack Cloud Magnum Orchestration 7 (src):    libgcrypt-1.6.1-16.42.1
Comment 11 Swamp Workflow Management 2017-07-08 01:15:01 UTC
openSUSE-SU-2017:1822-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1046607
CVE References: CVE-2017-7526
Sources used:
openSUSE Leap 42.2 (src):    libgcrypt-1.6.1-34.6.1
Comment 12 Swamp Workflow Management 2017-07-14 19:11:36 UTC
SUSE-SU-2017:1866-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1046607
CVE References: CVE-2017-7526
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-libgcrypt11-1.5.0-0.6.1
Comment 14 Marcus Meissner 2017-08-10 11:27:57 UTC
released