|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2730-1 (gnupg - information leak)|
|Summary:||Yarom and Falkner discovered that RSA secret keys could be leaked via;a side channel attack, where a malicious local user could obtain private;key information from another user on the system.;;This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is;affected through its use of the libgcrypt11 library, a fix for which;will be published in DSA 2731.|
Yarom and Falkner discovered that RSA secret keys could be leaked via
a side channel attack, where a malicious local user could obtain private
key information from another user on the system.
This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is
affected through its use of the libgcrypt11 library, a fix for which
will be published in DSA 2731.
gnupg on Debian Linux
For the oldstable distribution (squeeze), this problem has been fixed in
For the stable distribution (wheezy), this problem has been fixed in
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your gnupg packages.
Common Vulnerability Exposure (CVE) ID: CVE-2013-4242|
BugTraq ID: 61464
CERT/CC vulnerability note: VU#976534
Debian Security Information: DSA-2730 (Google Search)
Debian Security Information: DSA-2731 (Google Search)
RedHat Security Advisories: RHSA-2013:1457
SuSE Security Announcement: openSUSE-SU-2013:1294 (Google Search)
|Copyright||Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.