CVE-2017-7526

Published: 29 June 2017

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 when the left-to-right method is used to compute the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.

Priority

Medium

CVSS 3 Severity Score

6.8

Status

Package / Release / Status

gnupg
bionic      Does not exist
cosmic      Does not exist
disco       Does not exist
trusty      Released (1.4.16-1ubuntu2.6)
upstream    Needs triage
xenial      Released (1.4.20-1ubuntu3.3)
Patches:
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=b38f4489f75e6e435886aa885807738a22c7ff60
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=12029f83fd0ab3e8ad524f6c9135854662fddfd1
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=554ded4854758bf6ca268432fa087f946932a409
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=994d5b707559a800a650dc7f273372f509d74780

gnupg1
bionic      Not vulnerable
cosmic      Not vulnerable
disco       Not vulnerable
trusty      Does not exist
upstream    Needs triage
xenial      Does not exist

libgcrypt11
artful      Does not exist
bionic      Does not exist
cosmic      Does not exist
disco       Does not exist
trusty      Released (1.5.3-2ubuntu4.5)
upstream    Needs triage
xenial      Does not exist
yakkety     Does not exist
zesty       Does not exist

libgcrypt20
artful      Not vulnerable (1.7.8-1)
bionic      Not vulnerable (1.7.8-1)
cosmic      Not vulnerable (1.7.8-1)
disco       Not vulnerable (1.7.8-1)
trusty      Does not exist (trusty was needed)
upstream    Released (1.7.8-1)
xenial      Released (1.6.5-2ubuntu0.3)
yakkety     Released (1.7.2-2ubuntu1.1)
zesty       Released (1.7.6-1ubuntu0.1)
Patches:
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38

Severity score breakdown

Parameter              Value
Base score             6.8
Attack vector          Network
Attack complexity      High
Privileges required    None
User interaction       None
Scope                  Changed
Confidentiality        High
Integrity impact       None
Availability impact    None
Vector                 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N