[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526
bernhard at intevation.de
Thu Jul 6 11:34:45 CEST 2017
On Wednesday, 05 July 2017 21:39:26, Marcus Brinkmann via Gnupg-users wrote:
> Caveat: I have only looked at the code of the oldest and newest
> versions. Remember that old versions may not even have 64-bit support,
> so they run on different CPU architectures. But the code is essentially
> the same as the vulnerable code in libgcrypt 1.7.7 for these:
> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).
Thanks for your useful examinations.
> > GnuPG v1.?
> Probably all versions from 1.0.4 up to 1.4.21. (I could not find 1.0.3,
> which according to the NEWS file is the first version with RSA support).
> I made a backport of the patch for GPG 1.4.21 here:
Yes good, though Werner's comment there shows that there will be more things
> I have also found a paper that indicates that the exponent blinding
> defense is not as solid as one might think naively,
> Preprint available at https://eprint.iacr.org/2014/869.pdf
My conclusion for users so far is:
The side-channel attack from CVE-2017-7526 and related side-channel attacks
and implementation fixes are under active examination by the GnuPG-Dev team.
My current understanding:
To prevent exploitation for GnuPG 1.4: prevent other users on the machine.
To be extra sure: Do not share a machine by VMs (unless they are well
For GnuPG 2.1: Update to a version using libgcrypt 1.7.8 or later
(or alternatively apply the same measures as for GnuPG 1.4).
We should take in-depth discussions to gnupg-devel@ I guess.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner