Bug 1181632 (CVE-2021-3345)

Summary: VUL-0: CVE-2021-3345: libgcrypt: heap buffer overflow in libgcrypt 1.9.0
Product: [Novell Products] SUSE Security Incidents Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED UPSTREAM QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P5 - None CC: meissner, pmonrealgonzalez, suseino
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2021-02-01 09:05:57 UTC 
Hello!

We have to announce the availability of Libgcrypt version 1.9.1.
This version fixes a *critical security bug* in the recently released
version 1.9.0.  If you are already using 1.9.0 please update immediately
to 1.9.1.

Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG.  It does not provide any
implementation of OpenPGP or other protocols.  Thorough understanding of
applied cryptography is required to use Libgcrypt.


Impact and timeline
===================

Only one released version is affected:

 - Libgcrypt 1.9.0 (released 2021-01-19)

All other versions are not affected.

On 2021-01-28 Tavis Ormandy contacted us to report a severe bug in 1.9.0
which he found while testing GnuPG:

  There is a heap buffer overflow in libgcrypt due to an incorrect
  assumption in the block buffer management code. Just decrypting some
  data can overflow a heap buffer with attacker controlled data, no
  verification or signature is validated before the vulnerability
  occurs.

The bug was introduced during the the 1.9 development phase about two
years ago with commit e76617cbab018dd8f41fd6b4ec6740b5303f7e13 (Reduce
overhead on generic hash write function).

Exploiting this bug is simple and thus immediate action for 1.9.0 users
is required.  A CVE-id has not yet been assigned.  We track this bug at
https://dev.gnupg.org/T5275.  The 1.9.0 tarballs on our FTP server have
been renamed so that scripts won't be able to get this version anymore.


Solution
========

If Libgcrypt versions 1.9.0 is in use please update immediately to
version 1.9.1.

If you are using the 1.8 LTS branch you are not affected.  While you are
checking anyway please make sure that you have at least 1.8.5.

If you are using a development version build taken from our Git
repository you need to update as well.  NB: The use of non-released
versions in a production environment is strongly discouraged.

There is yet no released GnuPG version hich requires Libgcrypt 1.9

References
https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
Comment 1 Alexandros Toptsoglou 2021-02-01 09:07:32 UTC 
Affects only the version 1.9.0. One should not use this version, instead he needs to jump directly to 1.9.1. SUSE is not affected by it since it ships older versions. Factory is also in version 1.8.7. Closing
Comment 2 Pedro Monreal Gonzalez 2021-02-01 09:10:39 UTC 
Fortunately, I didn't submit the update to 1.9.0 as I found some memleaks and build failures in 32bit archs. I'll submit 1.9.1 soon.
Comment 3 Pedro Monreal Gonzalez 2021-02-02 11:52:32 UTC 
Update to 1.9.1 submitted here: https://build.opensuse.org/request/show/868601
Comment 4 Alexandros Toptsoglou 2021-02-02 17:13:46 UTC 
*** Bug 1181712 has been marked as a duplicate of this bug. ***