Opened 7 years ago

Closed 7 years ago

#9418 closed enhancement (fixed)

libgcrypt-1.7.8

Reported by: Pierre Labastie
Owned by: bdubbs@…
Priority: normal
Milestone: 8.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version:

Noteworthy changes in version 1.7.8 (2017-06-29)  [C21/A1/R8]
===================================

 * Bug fixes:

   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".  For details see
     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]


Note that this side-channel attack requires that the attacker can run
arbitrary software on the hardware where the private RSA key is used.
Allowing execute access to a box with private keys should be considered
as a game over condition, anyway.  Thus in practice there are easier
ways to access the private keys than to mount this side-channel attack.
However, on boxes with virtual machines this attack may be used by one
VM to steal private keys from another VM.

Does not look like we should increase priority, but I am not sure.

Change History (2)

comment:1 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:2 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 18899.
