Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 559942

Summary: <dev-libs/libgcrypt-1.6.4: RSA-CRT key leakage
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: crypto+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A4 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 567382    
Bug Blocks:    

Description Hanno Böck gentoo-dev 2015-09-08 10:16:31 UTC 
libgcrypt 1.6.4 implements a protection against key leakage with errors in the calculation of RSA signatures with the Chinese Remainder Theorem:
https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000375.html

It can be argued whether this is a vulnerability or "just" a hardening measurement. In a correctly working environment this is no security issue, it only becomes one if there is faulty hardware or other bugs in the software that cause miscalculations. A CVE has been requested on oss-security (but mitre may decide that it's not CVE-worthy).

The background of this change is a very interesting research paper by Florian Weimer from Red Hat:
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-09-08 10:45:27 UTC 
I'm tempted to call this security hardening rather than a vulnerability myself, although I agree the research paper is interesting.

Just bumped package in tree and tested it successfully on my laptop for some common gnupg operations; but should give it some time in tree before stabilizing as usability/stability thrums this security issue/hardening matter. 

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dff004521fdfbbaff54cdba48f4bc0a51d402fb1
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-07-19 02:49:19 UTC 
@crypto, 1.6.5 is current stable, but is 1.5.x affected by this?
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-07-19 14:51:15 UTC 
(In reply to Aaron Bauman from comment #2)
> @crypto, 1.6.5 is current stable, but is 1.5.x affected by this?

1.5 is EOL , removal is tracked in bug 567382
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-10-10 11:06:11 UTC 
This issue was resolved and addressed in
 GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04
by GLSA coordinator Kristian Fiskerstrand (K_F).