SB2017060233 - Side-channel attack in Libcrypt
Published: June 2, 2017
Security Bulletin ID
SB2017060233
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Side-channel attack (CVE-ID: CVE-2017-9526)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.The vulnerability exists in libgcrypt's EdDSA implementation. An attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key.
Remediation
Install update from vendor's website.