[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

Bernhard Reiter bernhard at intevation.de
Thu Jul 6 11:34:45 CEST 2017

Am Mittwoch 05 Juli 2017 21:39:26 schrieb Marcus Brinkmann via Gnupg-users:
> Caveat: I have only looked at the code of the oldest and newest
> versions.  Remember that old versions may not even have 64-bit support,
> so they run on different CPU architectures.  But the code is essentially
> the same as the vulnerable code in libgcrypt 1.7.7 for these:

> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).

Thanks for your useful examinations.

> >   GnuPG v1.?
> Probably all versions from 1.0.4 up to 1.4.21.  (I could not find 1.0.3,
> which according to the NEWS file is the first version with RSA support).
> I made a backport of the patch for GPG 1.4.21 here:
> https://dev.gnupg.org/D438

Yes good, though Werner' s comment there shows that there will be more things 
to consider.


> I have also found a paper that indicates that the exponent blinding
> defense is not as solid as one might think naively,

> Preprint available at https://eprint.iacr.org/2014/869.pdf

To my conculsion for users so far is:
The side-channel attack from CVE-2017-7526 and related side-channel attacks
and implementation fixes are under active examination by the GnuPG-Dev team.

My current understanding:
To prevent exploitation for GnuPG 1.4: prevent other users on the machine.
To be extra sure: Do not share a machine by VMs (unless they are well 
For GnuPG 2.1: Update to a version using libgcrypt 1.7.8 or later
(or alternatively apply the same measures as for GnuPG 1.4).

We should take in depth discussions to gnupg-devel@ I guess.

Best Regards,

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20170706/39df3827/attachment.sig>

More information about the Gnupg-users mailing list