ID CVE-2017-7526
Summary libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
References
Vulnerable Configurations
  • GnuPG Libgcrypt 0.1.0
    cpe:2.3:a:gnupg:libgcrypt:0.1.0
  • GnuPG Libgcrypt 0.2.0
    cpe:2.3:a:gnupg:libgcrypt:0.2.0
  • GnuPG Libgcrypt 0.2.6
    cpe:2.3:a:gnupg:libgcrypt:0.2.6
  • GnuPG Libgcrypt 0.2.8
    cpe:2.3:a:gnupg:libgcrypt:0.2.8
  • GnuPG Libgcrypt 0.2.10
    cpe:2.3:a:gnupg:libgcrypt:0.2.10
  • GnuPG Libgcrypt 0.2.15
    cpe:2.3:a:gnupg:libgcrypt:0.2.15
  • GnuPG Libgcrypt 0.2.17
    cpe:2.3:a:gnupg:libgcrypt:0.2.17
  • GnuPG Libgcrypt 0.2.18
    cpe:2.3:a:gnupg:libgcrypt:0.2.18
  • GnuPG Libgcrypt 0.2.19
    cpe:2.3:a:gnupg:libgcrypt:0.2.19
  • GnuPG Libgcrypt 0.3.0
    cpe:2.3:a:gnupg:libgcrypt:0.3.0
  • GnuPG Libgcrypt 0.3.1
    cpe:2.3:a:gnupg:libgcrypt:0.3.1
  • GnuPG Libgcrypt 0.3.2
    cpe:2.3:a:gnupg:libgcrypt:0.3.2
  • GnuPG Libgcrypt 0.3.3
    cpe:2.3:a:gnupg:libgcrypt:0.3.3
  • GnuPG Libgcrypt 0.3.4
    cpe:2.3:a:gnupg:libgcrypt:0.3.4
  • GnuPG Libgcrypt 0.3.5
    cpe:2.3:a:gnupg:libgcrypt:0.3.5
  • GnuPG Libgcrypt 0.4.0
    cpe:2.3:a:gnupg:libgcrypt:0.4.0
  • GnuPG Libgcrypt 0.4.1
    cpe:2.3:a:gnupg:libgcrypt:0.4.1
  • GnuPG Libgcrypt 0.4.2
    cpe:2.3:a:gnupg:libgcrypt:0.4.2
  • GnuPG Libgcrypt 0.4.3
    cpe:2.3:a:gnupg:libgcrypt:0.4.3
  • GnuPG Libgcrypt 0.4.4
    cpe:2.3:a:gnupg:libgcrypt:0.4.4
  • GnuPG Libgcrypt 0.4.5
    cpe:2.3:a:gnupg:libgcrypt:0.4.5
  • GnuPG Libgcrypt 0.9.0
    cpe:2.3:a:gnupg:libgcrypt:0.9.0
  • GnuPG Libgcrypt 0.9.1
    cpe:2.3:a:gnupg:libgcrypt:0.9.1
  • GnuPG Libgcrypt 0.9.2
    cpe:2.3:a:gnupg:libgcrypt:0.9.2
  • GnuPG Libgcrypt 0.9.3
    cpe:2.3:a:gnupg:libgcrypt:0.9.3
  • GnuPG Libgcrypt 0.9.4
    cpe:2.3:a:gnupg:libgcrypt:0.9.4
  • GnuPG Libgcrypt 0.9.5
    cpe:2.3:a:gnupg:libgcrypt:0.9.5
  • GnuPG Libgcrypt 0.9.6
    cpe:2.3:a:gnupg:libgcrypt:0.9.6
  • GnuPG Libgcrypt 0.9.7
    cpe:2.3:a:gnupg:libgcrypt:0.9.7
  • GnuPG Libgcrypt 0.9.8
    cpe:2.3:a:gnupg:libgcrypt:0.9.8
  • GnuPG Libgcrypt 0.9.9
    cpe:2.3:a:gnupg:libgcrypt:0.9.9
  • GnuPG Libgcrypt 0.9.10
    cpe:2.3:a:gnupg:libgcrypt:0.9.10
  • GnuPG Libgcrypt 0.9.11
    cpe:2.3:a:gnupg:libgcrypt:0.9.11
  • GnuPG Libgcrypt 1.0.0
    cpe:2.3:a:gnupg:libgcrypt:1.0.0
  • GnuPG Libgcrypt 1.0.1
    cpe:2.3:a:gnupg:libgcrypt:1.0.1
  • GnuPG Libgcrypt 1.0.2
    cpe:2.3:a:gnupg:libgcrypt:1.0.2
  • GnuPG Libgcrypt 1.0.3
    cpe:2.3:a:gnupg:libgcrypt:1.0.3
  • GnuPG Libgcrypt 1.0.4
    cpe:2.3:a:gnupg:libgcrypt:1.0.4
  • GnuPG Libgcrypt 1.1.0
    cpe:2.3:a:gnupg:libgcrypt:1.1.0
  • GnuPG Libgcrypt 1.1.2
    cpe:2.3:a:gnupg:libgcrypt:1.1.2
  • GnuPG Libgcrypt 1.1.3
    cpe:2.3:a:gnupg:libgcrypt:1.1.3
  • GnuPG Libgcrypt 1.1.4
    cpe:2.3:a:gnupg:libgcrypt:1.1.4
  • GnuPG Libgcrypt 1.1.5
    cpe:2.3:a:gnupg:libgcrypt:1.1.5
  • GnuPG Libgcrypt 1.1.6
    cpe:2.3:a:gnupg:libgcrypt:1.1.6
  • GnuPG Libgcrypt 1.1.7
    cpe:2.3:a:gnupg:libgcrypt:1.1.7
  • GnuPG Libgcrypt 1.1.8
    cpe:2.3:a:gnupg:libgcrypt:1.1.8
  • GnuPG Libgcrypt 1.1.9
    cpe:2.3:a:gnupg:libgcrypt:1.1.9
  • GnuPG Libgcrypt 1.1.10
    cpe:2.3:a:gnupg:libgcrypt:1.1.10
  • GnuPG Libgcrypt 1.1.11
    cpe:2.3:a:gnupg:libgcrypt:1.1.11
  • GnuPG Libgcrypt 1.1.12
    cpe:2.3:a:gnupg:libgcrypt:1.1.12
  • GnuPG Libgcrypt 1.1.42
    cpe:2.3:a:gnupg:libgcrypt:1.1.42
  • GnuPG Libgcrypt 1.1.43
    cpe:2.3:a:gnupg:libgcrypt:1.1.43
  • GnuPG Libgcrypt 1.1.44
    cpe:2.3:a:gnupg:libgcrypt:1.1.44
  • GnuPG Libgcrypt 1.1.90
    cpe:2.3:a:gnupg:libgcrypt:1.1.90
  • GnuPG Libgcrypt 1.1.91
    cpe:2.3:a:gnupg:libgcrypt:1.1.91
  • GnuPG Libgcrypt 1.1.92
    cpe:2.3:a:gnupg:libgcrypt:1.1.92
  • GnuPG Libgcrypt 1.1.93
    cpe:2.3:a:gnupg:libgcrypt:1.1.93
  • GnuPG Libgcrypt 1.1.94
    cpe:2.3:a:gnupg:libgcrypt:1.1.94
  • GnuPG Libgcrypt 1.2.0
    cpe:2.3:a:gnupg:libgcrypt:1.2.0
  • GnuPG Libgcrypt 1.2.1
    cpe:2.3:a:gnupg:libgcrypt:1.2.1
  • GnuPG Libgcrypt 1.2.2
    cpe:2.3:a:gnupg:libgcrypt:1.2.2
  • GnuPG Libgcrypt 1.2.3
    cpe:2.3:a:gnupg:libgcrypt:1.2.3
  • GnuPG Libgcrypt 1.2.4
    cpe:2.3:a:gnupg:libgcrypt:1.2.4
  • GnuPG Libgcrypt 1.3.0
    cpe:2.3:a:gnupg:libgcrypt:1.3.0
  • GnuPG Libgcrypt 1.3.1
    cpe:2.3:a:gnupg:libgcrypt:1.3.1
  • GnuPG Libgcrypt 1.3.2
    cpe:2.3:a:gnupg:libgcrypt:1.3.2
  • GnuPG Libgcrypt 1.4.0
    cpe:2.3:a:gnupg:libgcrypt:1.4.0
  • GnuPG Libgcrypt 1.4.1
    cpe:2.3:a:gnupg:libgcrypt:1.4.1
  • GnuPG Libgcrypt 1.4.1 Release Candidate 1
    cpe:2.3:a:gnupg:libgcrypt:1.4.1:rc1
  • GnuPG Libgcrypt 1.4.2
    cpe:2.3:a:gnupg:libgcrypt:1.4.2
  • GnuPG Libgcrypt 1.4.2 Release Candidate 1
    cpe:2.3:a:gnupg:libgcrypt:1.4.2:rc1
  • GnuPG Libgcrypt 1.4.2 Release Candidate 2
    cpe:2.3:a:gnupg:libgcrypt:1.4.2:rc2
  • GnuPG Libgcrypt 1.4.3
    cpe:2.3:a:gnupg:libgcrypt:1.4.3
  • GnuPG Libgcrypt 1.4.4
    cpe:2.3:a:gnupg:libgcrypt:1.4.4
  • GnuPG Libgcrypt 1.4.5
    cpe:2.3:a:gnupg:libgcrypt:1.4.5
  • GnuPG Libgcrypt 1.4.6
    cpe:2.3:a:gnupg:libgcrypt:1.4.6
  • GnuPG Libgcrypt 1.5.0
    cpe:2.3:a:gnupg:libgcrypt:1.5.0
  • GnuPG Libgcrypt 1.5.0 Beta1
    cpe:2.3:a:gnupg:libgcrypt:1.5.0:beta1
  • GnuPG Libgcrypt 1.5.1
    cpe:2.3:a:gnupg:libgcrypt:1.5.1
  • GnuPG Libgcrypt 1.5.2
    cpe:2.3:a:gnupg:libgcrypt:1.5.2
  • GnuPG Libgcrypt 1.5.3
    cpe:2.3:a:gnupg:libgcrypt:1.5.3
  • GnuPG Libgcrypt 1.5.4
    cpe:2.3:a:gnupg:libgcrypt:1.5.4
  • GnuPG Libgcrypt 1.5.5
    cpe:2.3:a:gnupg:libgcrypt:1.5.5
  • GnuPG Libgcrypt 1.5.6
    cpe:2.3:a:gnupg:libgcrypt:1.5.6
  • GnuPG (Privacy Guard) Libgcrypt 1.6.0
    cpe:2.3:a:gnupg:libgcrypt:1.6.0
  • GnuPG (Privacy Guard) Libgcrypt 1.6.1
    cpe:2.3:a:gnupg:libgcrypt:1.6.1
  • GnuPG (Privacy Guard) Libgcrypt 1.6.2
    cpe:2.3:a:gnupg:libgcrypt:1.6.2
  • GnuPG (Privacy Guard) Libgcrypt 1.6.3
    cpe:2.3:a:gnupg:libgcrypt:1.6.3
  • GnuPG Libgcrypt 1.6.4
    cpe:2.3:a:gnupg:libgcrypt:1.6.4
  • GnuPG (Privacy Guard) Libgcrypt 1.6.5
    cpe:2.3:a:gnupg:libgcrypt:1.6.5
  • GnuPG Libgcrypt 1.6.6
    cpe:2.3:a:gnupg:libgcrypt:1.6.6
  • GnuPG (Privacy Guard) Libgcrypt 1.7.0
    cpe:2.3:a:gnupg:libgcrypt:1.7.0
  • GnuPG (Privacy Guard) Libgcrypt 1.7.1
    cpe:2.3:a:gnupg:libgcrypt:1.7.1
  • GnuPG (Privacy Guard) Libgcrypt 1.7.2
    cpe:2.3:a:gnupg:libgcrypt:1.7.2
  • GnuPG Libgcrypt 1.7.3
    cpe:2.3:a:gnupg:libgcrypt:1.7.3
  • GnuPG Libgcrypt 1.7.4
    cpe:2.3:a:gnupg:libgcrypt:1.7.4
  • GnuPG Libgcrypt 1.7.5
    cpe:2.3:a:gnupg:libgcrypt:1.7.5
  • GnuPG Libgcrypt 1.7.6
    cpe:2.3:a:gnupg:libgcrypt:1.7.6
  • GnuPG Libgcrypt 1.7.7
    cpe:2.3:a:gnupg:libgcrypt:1.7.7
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3347-1.NASL
    description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-9526). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 101231
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101231
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libgcrypt11, libgcrypt20 vulnerabilities (USN-3347-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL
    description GnuPG reports : GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110430
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110430
    title FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3901.NASL
    description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for details.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 101176
    published 2017-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101176
    title Debian DSA-3901-1 : libgcrypt20 - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1866-1.NASL
    description This update for libgcrypt fixes the following security issue : - CVE-2017-7526: Hardening against local side-channel attack. (bsc#1046607) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120001
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120001
    title SUSE SLES12 Security Update : compat-libgcrypt11 (SUSE-SU-2017:1866-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_ED3BF4335D9211E7AA14E8E0B747A45A.NASL
    description GnuPG reports : Mitigate a flush+reload side-channel attack on RSA secret keys dubbed 'Sliding right into disaster'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 101188
    published 2017-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101188
    title FreeBSD : libgcrypt -- side-channel attack on RSA secret keys (ed3bf433-5d92-11e7-aa14-e8e0b747a45a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-3B70D0B976.NASL
    description New upstream release fixing moderate security issue CVE-2017-7526. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101861
    published 2017-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101861
    title Fedora 24 : libgcrypt (2017-3b70d0b976)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-180-04.NASL
    description New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101118
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101118
    title Slackware 14.2 / current : libgcrypt (SSA:2017-180-04)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3960.NASL
    description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for details.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102927
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102927
    title Debian DSA-3960-1 : gnupg - security update
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-213-01.NASL
    description New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 102133
    published 2017-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102133
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2017-213-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A348B32EB5.NASL
    description New upstream release fixing moderate security issue CVE-2017-7526. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101215
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101215
    title Fedora 25 : libgcrypt (2017-a348b32eb5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1794-1.NASL
    description This update for libgcrypt fixes the following issues : - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101292
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101292
    title SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2017:1794-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-22107B1986.NASL
    description New upstream release fixing moderate security issue CVE-2017-7526. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101589
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101589
    title Fedora 26 : libgcrypt (2017-22107b1986)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3733-1.NASL
    description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111581
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111581
    title Ubuntu 14.04 LTS / 16.04 LTS : gnupg vulnerability (USN-3733-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1793-1.NASL
    description This update for libgcrypt fixes the following issues : - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added (bsc#1046607) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101291
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101291
    title SUSE SLES11 Security Update : libgcrypt (SUSE-SU-2017:1793-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1015.NASL
    description It was discovered that there was a key disclosure vulnerability in libgcrypt11 a library of cryptographic routines : It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is widely believed that, even if the complete pattern of squarings and multiplications is observed through a side-channel attack, the number of exponent bits leaked is not sufficient to carry out a full key-recovery attack against RSA. Specifically, 4-bit sliding windows leak only 40% of the bits, and 5-bit sliding windows leak only 33% of the bits. -- Sliding right into disaster: Left-to-right sliding windows leak For Debian 7 'Wheezy', this issue has been fixed in libgcrypt11 version 1.5.0-5+deb7u6. We recommend that you upgrade your libgcrypt11 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101274
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101274
    title Debian DLA-1015-1 : libgcrypt11 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-796.NASL
    description This update for libgcrypt fixes the following issues : - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 101346
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101346
    title openSUSE Security Update : libgcrypt (openSUSE-2017-796)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1080.NASL
    description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for details. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.12-7+deb7u9. We recommend that you upgrade your gnupg packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 102888
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102888
    title Debian DLA-1080-1 : gnupg security update
refmap via4
bid 99338
confirm
debian
  • DSA-3901
  • DSA-3960
misc https://eprint.iacr.org/2017/627
mlist [gnupg-announce] 20170629 Libgcrypt 1.7.8 released to fix CVE-2017-7526
sectrack 1038915
ubuntu
  • USN-3733-1
  • USN-3733-2
the hacker news via4
id THN:CD366D42A4CB022576F8FB2BF3113246
last seen 2018-01-27
modified 2017-07-04
published 2017-07-03
reporter Mohit Kumar
source https://thehackernews.com/2017/07/gnupg-libgcrypt-rsa-encryption.html
title Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library
Last major update 26-07-2018 - 09:29
Published 26-07-2018 - 09:29
Last modified 09-10-2019 - 19:29
Back to Top