CVE-2018-0495 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Private key recovery
Description	An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private key.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-719	libgcrypt	1.8.2-1	1.8.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
16 Jun 2018	ASA-201806-10	AVG-719	libgcrypt	High	private key recovery

References
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=9010d1576e278a4274ad3f4aa15776c28f6ba965;hp=7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

References

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=9010d1576e278a4274ad3f4aa15776c28f6ba965;hp=7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/