openSUSE-SU-2017:1822-1

Опубликовано: 07 июл. 2017

Источник: suse-cvrf

Описание

Security update for libgcrypt

This update for libgcrypt fixes the following issues:

CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.2

libgcrypt-1.6.1-34.6.1

libgcrypt-cavs-1.6.1-34.6.1

libgcrypt-devel-1.6.1-34.6.1

libgcrypt-devel-32bit-1.6.1-34.6.1

libgcrypt20-1.6.1-34.6.1

libgcrypt20-32bit-1.6.1-34.6.1

libgcrypt20-hmac-1.6.1-34.6.1

libgcrypt20-hmac-32bit-1.6.1-34.6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-07/msg00043.html
E-Mail link for openSUSE-SU-2017:1822-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Затронутые продукты

openSUSE Leap 42.2:libgcrypt-1.6.1-34.6.1

openSUSE Leap 42.2:libgcrypt-cavs-1.6.1-34.6.1

openSUSE Leap 42.2:libgcrypt-devel-1.6.1-34.6.1

openSUSE Leap 42.2:libgcrypt-devel-32bit-1.6.1-34.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-7526.html
CVE-2017-7526
https://bugzilla.suse.com/1046607
SUSE Bug 1046607
https://bugzilla.suse.com/1047462
SUSE Bug 1047462
https://bugzilla.suse.com/1123792
SUSE Bug 1123792

openSUSE-SU-2017:1822-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-7526

Описание

Затронутые продукты

Ссылки