CVE-2017-7526

Priority
Description
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack
resulting into a complete break of RSA-1024 while using the left-to-right
method for computing the sliding-window expansion. The same attack is
believed to work on RSA-2048 with moderately more computation. This
side-channel requires that attacker can run arbitrary software on the
hardware where the private RSA key is used.
Assigned-to
amurray
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.5.0-3ubuntu0.7)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.5.3-2ubuntu4.5)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2018-10-31 20:29:37 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)