- Vulnerability/
- USN-3347-1
USN-3347-1: Libgcrypt vulnerabilities
First published: Mon Jul 03 2017(Updated: )
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-9526)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libgcrypt20 | <1.7.6-1ubuntu0.1 | 1.7.6-1ubuntu0.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =17.04 | |
| All of | ||
| ubuntu/libgcrypt20 | <1.7.2-2ubuntu1.1 | 1.7.2-2ubuntu1.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.10 | |
| All of | ||
| ubuntu/libgcrypt20 | <1.6.5-2ubuntu0.3 | 1.6.5-2ubuntu0.3 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/libgcrypt11 | <1.5.3-2ubuntu4.5 | 1.5.3-2ubuntu4.5 |
| Ubuntu gir1.2-packagekitglib-1.0 | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-7526
- https://ubuntu.com/security/CVE-2017-9526
- https://ubuntu.com/security/notices/USN-3733-1
- https://ubuntu.com/security/notices/USN-3733-2
- https://ubuntu.com/security/notices/USN-3347-2
- https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.6-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.2-2ubuntu1.1
- https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.3
- https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.5
- https://ubuntu.com/security/notices/USN-3347-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-3347-1?
The severity of USN-3347-1 is considered high due to its potential for local attackers to exploit side channel vulnerabilities in Libgcrypt.
How do I fix USN-3347-1?
To fix USN-3347-1, upgrade Libgcrypt to the recommended versions: 1.7.6-1ubuntu0.1 for Ubuntu 17.04, 1.7.2-2ubuntu1.1 for Ubuntu 16.10, 1.6.5-2ubuntu0.3 for Ubuntu 16.04, or 1.5.3-2ubuntu4.5 for Ubuntu 14.04.
Who discovered the vulnerability USN-3347-1?
The vulnerability USN-3347-1 was discovered by researchers including Daniel J. Bernstein, Joachim Breitner, and several others.
What package is affected by USN-3347-1?
The package affected by USN-3347-1 is Libgcrypt, specifically versions prior to the patched releases mentioned in the advisory.
Is USN-3347-1 related to side channel attacks?
Yes, USN-3347-1 specifically addresses vulnerabilities in Libgcrypt that can be exploited via side channel attacks.
- agent/severity
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/17.04
- version/ubuntu gir1.2-packagekitglib-1.0/16.10
- version/ubuntu gir1.2-packagekitglib-1.0/16.04
- version/ubuntu gir1.2-packagekitglib-1.0/14.04