Oval Definition:oval:org.opensuse.security:def:20179526
Revision Date:2022-05-20Version:1
Title:CVE-2017-9526
Description:

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-9526
SUSE-CU-2019:695-1
SUSE-CU-2019:706-1
SUSE-CU-2019:708-1
SUSE-CU-2019:710-1
SUSE-CU-2019:712-1
SUSE-CU-2019:714-1
SUSE-CU-2019:716-1
SUSE-CU-2019:719-1
SUSE-CU-2019:721-1
SUSE-CU-2019:723-1
SUSE-CU-2019:725-1
SUSE-CU-2019:727-1
SUSE-CU-2019:729-1
SUSE-CU-2019:731-1
SUSE-CU-2019:733-1
SUSE-CU-2019:738-1
SUSE-SU-2017:1608-1
openSUSE-SU-2017:1700-1
Mitre CVE-2017-9526
SUSE CVE-2017-9526
SUSE-CU-2019:695-1
SUSE-CU-2019:706-1
SUSE-CU-2019:708-1
SUSE-CU-2019:710-1
SUSE-CU-2019:712-1
SUSE-CU-2019:714-1
SUSE-CU-2019:716-1
SUSE-CU-2019:719-1
SUSE-CU-2019:721-1
SUSE-CU-2019:723-1
SUSE-CU-2019:725-1
SUSE-CU-2019:727-1
SUSE-CU-2019:729-1
SUSE-CU-2019:731-1
SUSE-CU-2019:733-1
SUSE-CU-2019:738-1
SUSE-SU-2017:1608-1
openSUSE-SU-2017:1700-1
Platform(s):openSUSE Leap 42.2
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Legacy 12
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt-devel-1.6.1-16.39 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39.1 is installed
    • Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • libgcrypt-1.6.1-34.3.1 is installed
  • AND libgcrypt is signed with openSUSE key
  • OR
  • libgcrypt-cavs-1.6.1-34.3.1 is installed
  • AND libgcrypt-cavs is signed with openSUSE key
  • OR
  • libgcrypt-devel-1.6.1-34.3.1 is installed
  • AND libgcrypt-devel is signed with openSUSE key
  • OR
  • libgcrypt-devel-32bit-1.6.1-34.3.1 is installed
  • AND libgcrypt-devel-32bit is signed with openSUSE key
  • OR
  • libgcrypt20-1.6.1-34.3.1 is installed
  • AND libgcrypt20 is signed with openSUSE key
  • OR
  • libgcrypt20-32bit-1.6.1-34.3.1 is installed
  • AND libgcrypt20-32bit is signed with openSUSE key
  • OR
  • libgcrypt20-hmac-1.6.1-34.3.1 is installed
  • AND libgcrypt20-hmac is signed with openSUSE key
  • OR
  • libgcrypt20-hmac-32bit-1.6.1-34.3.1 is installed
  • AND libgcrypt20-hmac-32bit is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt-devel-1.6.1-16.39 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt-1.6.1-16.39 is installed
  • OR libgcrypt20-1.6.1-16.39 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND libgcrypt is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Legacy 12 is installed
  • AND compat-libgcrypt11 is not affected
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND libgcrypt-devel-1.6.1-16.39.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND libgcrypt is affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND libgcrypt is affected
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 12 is installed
  • OR SUSE Linux Enterprise Module for Legacy 12 is installed
  • OR SUSE Linux Enterprise Server 12 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND compat-libgcrypt11 is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • libgcrypt20-1.6.1-16.39.1 is installed
  • OR libgcrypt20-32bit-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-1.6.1-16.39.1 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.39.1 is installed
    • BACK