serious flaw in libgcrypt?

serious flaw in libgcrypt?

Mathias Homann-2
Hi guys,

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
and https://www.heise.de/security/meldung/Seitenkanalangriff-RSA-Verschluesselung-der-GnuPG-Kryptobibliothek-geknackt-3762957.html (in German)

Do we have that in Leap 42.2? Will we get that?

Cheers
MH

--
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C


Re: serious flaw in libgcrypt?

Vitezslav Cizek-2
Hi Mathias,

On Tue, 04 Jul 2017 18:59:02 +0200
"Mathias Homann" <[hidden email]> wrote:

> Hi guys,
>
> https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
> and
> https://www.heise.de/security/meldung/Seitenkanalangriff-RSA-Verschluesselung-der-GnuPG-Kryptobibliothek-geknackt-3762957.html
> (in German)
>
> Do we have that in Leap 42.2? Will we get that?

Leap 42.2 will get libgcrypt updates.
See https://bugzilla.opensuse.org/show_bug.cgi?id=1046607
The packages are currently being tested by QA.
 
> Cheers
> MH

--
Vítězslav Čížek             Emergency Update Team (EMU)
"Whilst you sleep, we're probably saving the universe."

Re: serious flaw in libgcrypt?

Mathias Homann-2
On Tuesday, 4 July 2017, 20:13:29 CEST, Vitezslav Cizek wrote:


> Leap 42.2 will get libgcrypt updates.
> See https://bugzilla.opensuse.org/show_bug.cgi?id=1046607
> The packages are currently being tested by QA.

*thumbs up*

--
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C


Re: serious flaw in libgcrypt?

Thomas Biege
In reply to this post by Mathias Homann-2
Good morning,

The attack is not that critical, as it needs local access by the
attacker. If you have local access, why not open an X pop-up and ask
for the key phrase? Thunderbird and Enigmail do this very frequently and
a user wouldn't be suspicious.


On 04.07.17 18:59, Mathias Homann wrote:
Viele Grüße / Best regards
Thomas
--
Thomas Biege <[hidden email]>, Team Lead MaintenanceSecurity, CSSLP
https://www.suse.com/security

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)

