Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Adélie Package Tree Adélie Package Tree
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 385
    • Issues 385
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 20
    • Merge requests 20
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • Adélie Package TreeAdélie Package Tree
  • Issues
  • #119
Closed
Open
Created Jul 26, 2019 by Emily@emily🤖

system/libgcrypt: multiple vulnerabilities

Bugzilla ID 119
Alias(es) CVE-2019-12904, CVE-2019-13627
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-07-26 12:26:46 -0500
Modified 2020-06-22 06:22:39 -0500
Status CONFIRMED
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal
Package(s) system/libgcrypt
URL https://nvd.nist.gov/vuln/detail/CVE-2019-12904

Description

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on
platforms where an assembly-language implementation is unavailable.)

From gcrypt-devel@gnupg.org: https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html

I was wondering if the vulnerability has been determined to be
legitimate and if we will see a new release with this vulnerability
Not yet and thus don't see a reason for any immediate action. In
fact, static tables are very common in crypto software and thus many
more AES implementations would be affected.

Waiting on new release.

Assignee
Assign to
Time tracking