Noteworthy changes in version 1.7.8 (2017-06-29) [C21/A1/R8]
* Bug fixes:
- Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster". For details see
Note that this side-channel attack requires that the attacker can run
arbitrary software on the hardware where the private RSA key is used.
Allowing execute access to a box with private keys should be considered
as a game over condition, anyway. Thus in practice there are easier
ways to access the private keys than to mount this side-channel attack.
However, on boxes with virtual machines this attack may be used by one
VM to steal private keys from another VM.
commit 314d755d0e145799cf1771744df9f08932432b6d (HEAD -> master)
Author: Kristian Fiskerstrand <firstname.lastname@example.org>
Date: Thu Jun 29 09:55:32 2017 +0200
dev-libs/libgcrypt: New upstream version 1.7.8
Package-Manager: Portage-2.3.6, Repoman-2.3.1
An automated check of this bug failed - the following atom is unknown:
Please verify the atom list.
Changing designation to B3 as this requires specific configuration to be an attack vector, and impractical in nature.
GLSA Vote: No
Stable on alpha.
ping for hppa