PublicDateAtUSN: 2017-06-10
Candidate: CVE-2017-9526
PublicDate: 2017-06-11 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526
 https://ubuntu.com/security/notices/USN-3347-1
Description:
 In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key
 (from side-channel observation during the signing process) can easily
 recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change
 to store this session key in secure memory, to ensure that constant-time
 point operations are used in the MPI library.
Ubuntu-Description:
Notes:
 tyhicks> EdDSA support was added in 1.6.0
Bugs:
 https://bugzilla.suse.com/show_bug.cgi?id=1042326
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_libgcrypt20:
 upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
 upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=91456759b887e153c4d4ce19538d478df260cab2
upstream_libgcrypt20: released (1.7.6-2)
precise/esm_libgcrypt20: DNE
trusty_libgcrypt20: ignored (reached end-of-life)
trusty/esm_libgcrypt20: DNE (trusty was needed)
vivid/stable-phone-overlay_libgcrypt20: ignored (reached end-of-life)
vivid/ubuntu-core_libgcrypt20: ignored (reached end-of-life)
xenial_libgcrypt20: released (1.6.5-2ubuntu0.3)
esm-infra/xenial_libgcrypt20: released (1.6.5-2ubuntu0.3)
yakkety_libgcrypt20: released (1.7.2-2ubuntu1.1)
zesty_libgcrypt20: released (1.7.6-1ubuntu0.1)
artful_libgcrypt20: not-affected (1.7.6-2)
bionic_libgcrypt20: not-affected (1.7.6-2)
cosmic_libgcrypt20: not-affected (1.7.6-2)
disco_libgcrypt20: not-affected (1.7.6-2)
devel_libgcrypt20: not-affected (1.7.6-2)

Patches_libgcrypt11:
upstream_libgcrypt11: not-affected
precise/esm_libgcrypt11: not-affected
trusty_libgcrypt11: not-affected (1.5.3-2ubuntu4.4)
trusty/esm_libgcrypt11: not-affected (1.5.3-2ubuntu4.4)
vivid/stable-phone-overlay_libgcrypt11: DNE
vivid/ubuntu-core_libgcrypt11: DNE
xenial_libgcrypt11: DNE
yakkety_libgcrypt11: DNE
zesty_libgcrypt11: DNE
artful_libgcrypt11: DNE
bionic_libgcrypt11: DNE
cosmic_libgcrypt11: DNE
disco_libgcrypt11: DNE
devel_libgcrypt11: DNE