623006 – (CVE-2017-7526) <dev-libs/libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret keys: "Sliding right into disaster".

Bug 623006 (CVE-2017-7526) - <dev-libs/libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret keys: "Sliding right into disaster".

Summary: <dev-libs/libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret key...

Status:	RESOLVED FIXED

Alias:	CVE-2017-7526

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://lists.gnupg.org/pipermail/gnu...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	CVE-2017-0379
Blocks:	CVE-2017-9526
	Show dependency tree

Reported:	2017-06-29 07:50 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2017-09-10 22:58 UTC (History)
CC List:	3 users (show)

See Also:
Package list:	dev-libs/libgcrypt-1.7.8
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-06-29 07:50:01 UTC

Noteworthy changes in version 1.7.8 (2017-06-29)  [C21/A1/R8]
===================================

 * Bug fixes:

   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".  For details see
     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]


Note that this side-channel attack requires that the attacker can run
arbitrary software on the hardware where the private RSA key is used.
Allowing execute access to a box with private keys should be considered
as a game over condition, anyway.  Thus in practice there are easier
ways to access the private keys than to mount this side-channel attack.
However, on boxes with virtual machines this attack may be used by one
VM to steal private keys from another VM.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-06-29 07:58:25 UTC

commit 314d755d0e145799cf1771744df9f08932432b6d (HEAD -> master)
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Thu Jun 29 09:55:32 2017 +0200

    dev-libs/libgcrypt: New upstream version 1.7.8
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.1

Comment 2 Stabilization helper bot gentoo-dev

2017-06-29 08:01:55 UTC

An automated check of this bug failed - the following atom is unknown:

dev-libs/libgcrypt-1.7.8

Please verify the atom list.

Comment 3 Agostino Sarubbo gentoo-dev

2017-06-30 08:32:31 UTC

amd64 stable

Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev

2017-06-30 11:12:31 UTC

ia64 stable

Comment 5 Agostino Sarubbo gentoo-dev

2017-06-30 11:14:34 UTC

x86 stable

Comment 6 Markus Meier gentoo-dev

2017-07-07 06:19:33 UTC

arm stable

Comment 7 Agostino Sarubbo gentoo-dev

2017-07-07 09:12:33 UTC

sparc stable

Comment 8 Agostino Sarubbo gentoo-dev

2017-07-07 13:28:07 UTC

ppc stable

Comment 9 Agostino Sarubbo gentoo-dev

2017-07-07 14:53:25 UTC

ppc64 stable

Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-07-08 20:16:06 UTC

Changing designation to B3 as this requires specific configuration to be an attack vector, and impractical in nature.

GLSA Vote: No

Comment 11 Tobias Klausmann (RETIRED) gentoo-dev

2017-07-16 11:13:07 UTC

Stable on alpha.

Comment 12 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-07-28 14:51:57 UTC

ping for hppa