Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 621218 (CVE-2017-9526)

Summary: <dev-libs/libgcrypt-1.7.7: Possible timing attack on EdDSA session key
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: crypto+disabled, k_f
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
dev-libs/libgcrypt-1.7.7 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: ---
Bug Depends on: 623006    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2017-06-08 15:59:26 UTC
From ${URL} :

An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that 
constant time point operations are used in the MPI library.

Upstream fixes:



@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2017-06-09 09:45:25 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2017-06-09 10:23:39 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-10 13:49:29 UTC
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-10 15:21:47 UTC
ia64 stable
Comment 5 Markus Meier gentoo-dev 2017-06-12 18:53:54 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-13 12:35:36 UTC
ppc64 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 15:00:52 UTC
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-21 12:03:53 UTC
ppc stable
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-24 11:33:38 UTC
GLSA Vote: No
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-29 07:59:57 UTC
We got bug 623006 now, so adding this to same glsa as that one
Comment 11 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-08 20:18:33 UTC
EdDSA is only used by gnupg in --expert mode and is not defined in official OpenPGP standard yet, so impact is particular in nature. Originally noglsa but changed pending bug 623006, which is now also designated noglsa.

Waiting for hppa in bug 623006 and cleanup