Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 559942 - <dev-libs/libgcrypt-1.6.4: RSA-CRT key leakage
Summary: <dev-libs/libgcrypt-1.6.4: RSA-CRT key leakage
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa]
Keywords:
Depends on: 567382
Blocks:
  Show dependency tree
 
Reported: 2015-09-08 10:16 UTC by Hanno Böck
Modified: 2016-10-10 11:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-09-08 10:16:31 UTC
libgcrypt 1.6.4 implements a protection against key leakage with errors in the calculation of RSA signatures with the Chinese Remainder Theorem:
https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000375.html

It can be argued whether this is a vulnerability or "just" a hardening measurement. In a correctly working environment this is no security issue, it only becomes one if there is faulty hardware or other bugs in the software that cause miscalculations. A CVE has been requested on oss-security (but mitre may decide that it's not CVE-worthy).

The background of this change is a very interesting research paper by Florian Weimer from Red Hat:
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2015-09-08 10:45:27 UTC
I'm tempted to call this security hardening rather than a vulnerability myself, although I agree the research paper is interesting.

Just bumped package in tree and tested it successfully on my laptop for some common gnupg operations; but should give it some time in tree before stabilizing as usability/stability thrums this security issue/hardening matter. 

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dff004521fdfbbaff54cdba48f4bc0a51d402fb1
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-19 02:49:19 UTC
@crypto, 1.6.5 is current stable, but is 1.5.x affected by this?
Comment 3 Kristian Fiskerstrand gentoo-dev Security 2016-07-19 14:51:15 UTC
(In reply to Aaron Bauman from comment #2)
> @crypto, 1.6.5 is current stable, but is 1.5.x affected by this?

1.5 is EOL , removal is tracked in bug 567382
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-10-10 11:06:11 UTC
This issue was resolved and addressed in
 GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04
by GLSA coordinator Kristian Fiskerstrand (K_F).