CVE-2017-7526 (retired)

Priority
Description
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack
resulting into a complete break of RSA-1024 while using the left-to-right
method for computing the sliding-window expansion. The same attack is
believed to work on RSA-2048 with moderately more computation. This
side-channel requires that attacker can run arbitrary software on the
hardware where the private RSA key is used.
Assigned-to
amurray
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.5.0-3ubuntu0.7)
Trusty/esm:released (1.5.3-2ubuntu4.5)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-04-26 14:35:55 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)