SUSE-SU-2017:1866-1

Опубликовано: 14 июл. 2017

Источник: suse-cvrf

Описание

Security update for compat-libgcrypt11

This update for libgcrypt fixes the following security issue:

CVE-2017-7526: Hardening against local side-channel attack. (bsc#1046607)

Список пакетов

SUSE Linux Enterprise Module for Legacy 12

compat-libgcrypt11-1.5.0-0.6.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20171866-1/
Link for SUSE-SU-2017:1866-1
https://lists.suse.com/pipermail/sle-security-updates/2017-July/003034.html
E-Mail link for SUSE-SU-2017:1866-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1046607
SUSE Bug 1046607
https://www.suse.com/security/cve/CVE-2017-7526/
SUSE CVE CVE-2017-7526 page

Описание

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Затронутые продукты

SUSE Linux Enterprise Module for Legacy 12:compat-libgcrypt11-1.5.0-0.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-7526.html
CVE-2017-7526
https://bugzilla.suse.com/1046607
SUSE Bug 1046607
https://bugzilla.suse.com/1047462
SUSE Bug 1047462
https://bugzilla.suse.com/1123792
SUSE Bug 1123792

SUSE-SU-2017:1866-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Legacy 12

Ссылки

Уязвимость: CVE-2017-7526

Описание

Затронутые продукты

Ссылки