Bug 621218 (CVE-2017-9526) - <dev-libs/libgcrypt-1.7.7: Possible timing attack on EdDSA session key
Summary: <dev-libs/libgcrypt-1.7.7: Possible timing attack on EdDSA session key
Status: RESOLVED FIXED
Alias: CVE-2017-9526
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-7526
Blocks:
Reported: 2017-06-08 15:59 UTC by Agostino Sarubbo
Modified: 2017-09-10 22:59 UTC

See Also:
Package list:
dev-libs/libgcrypt-1.7.7 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-06-08 15:59:26 UTC
From ${URL} :

An attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library.

Upstream fixes:

master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b

1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56


@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
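
Why the session key must be treated as secret as the long-term key, shown as an added example that is not part of the bug report or of libgcrypt: since the signature scalar is S = r + h*a (mod L), knowing r for a single signature yields a. The Ed25519 arithmetic follows RFC 8032; every function name and the sample seed and message are this example's own assumptions.

```python
import hashlib

# Ed25519 parameters and point formulas per RFC 8032; names are this example's own.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # prime group order
D = -121665 * pow(121666, -1, P) % P

def recover_x(y):                       # even x-coordinate for a given y
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return x if x % 2 == 0 else P - x

BY = 4 * pow(5, -1, P) % P
B = (recover_x(BY), BY, 1, recover_x(BY) * BY % P)    # base point (X, Y, Z, T)

def add(p, q):
    a = (p[1] - p[0]) * (q[1] - q[0]) % P
    b = (p[1] + p[0]) * (q[1] + q[0]) % P
    c, d = 2 * p[3] * q[3] * D % P, 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def mul(s, p):      # plain double-and-add: NOT constant time, illustration only
    q = (0, 1, 1, 0)
    while s:
        if s & 1:
            q = add(q, p)
        p, s = add(p, p), s >> 1
    return q

def enc(p):
    zi = pow(p[2], -1, P)
    x, y = p[0] * zi % P, p[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def h_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def keypair(seed):
    d = hashlib.sha512(seed).digest()
    a = (int.from_bytes(d[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, d[32:], enc(mul(a, B))

def sign(seed, msg):                    # also returns the session key r
    a, prefix, A = keypair(seed)
    r = h_int(prefix, msg) % L
    R = enc(mul(r, B))
    return r, R, (r + h_int(R, A, msg) * a) % L, A

def secret_from_session_key(r, R, S, A, msg):
    # S = r + h*a (mod L), so a = (S - r) / h (mod L) once r is known
    return (S - r) * pow(h_int(R, A, msg) % L, -1, L) % L
```

The recovered value is the secret scalar reduced mod L, which generates the same public key and is sufficient for signing.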
Comment 1 Agostino Sarubbo gentoo-dev 2017-06-09 09:45:25 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2017-06-09 10:23:39 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-10 13:49:29 UTC
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-10 15:21:47 UTC
ia64 stable
Comment 5 Markus Meier gentoo-dev 2017-06-12 18:53:54 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-13 12:35:36 UTC
ppc64 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 15:00:52 UTC
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-21 12:03:53 UTC
ppc stable
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-24 11:33:38 UTC
GLSA Vote: No
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-29 07:59:57 UTC
We got bug 623006 now, so adding this to same glsa as that one
Comment 11 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-08 20:18:33 UTC
EdDSA is only used by gnupg in --expert mode and is not defined in official OpenPGP standard yet, so impact is particular in nature. Originally noglsa but changed pending bug 623006, which is now also designated noglsa.

Waiting for hppa in bug 623006 and cleanup