1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2730-1] gnupg security update

    From Thijs Kinkhorst@1:229/2 to All on Mon Jul 29 21:00:03 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2730-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
    July 29, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gnupg
    Vulnerability : information leak
    Problem type : local
    Debian-specific: no
    CVE ID : CVE-2013-4242
    Debian Bug : 717880

    Yarom and Falkner discovered that RSA secret keys could be leaked via
    a side channel attack, where a malicious local user could obtain private
    key information from another user on the system.

    This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is
    affected through its use of the libgcrypt11 library, a fix for which
    will be published in DSA 2731.

    For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.10-4+squeeze2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.4.12-7+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.4.14-1.

    We recommend that you upgrade your gnupg packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQEcBAEBAgAGBQJR9rJTAAoJEFb2GnlAHawEAkwH/07XKazUSpyeAgLj7NML+CH1 C1d6wLHKVQ7TtJMAS9vSWiRsrlRYNFPtdyayVb+viLEjOtvZkZH7zmgWELndVyyZ KDDFJmN0pe6beMiUn5aa7DrqtGh7541hpxS+V/2UTqtrcAVBRaMmNtl9od075FPZ Tg3mXMwqlP3Lv+Qh8uKmvdYFJmfCLoDSSPA8KiFSILyB1c0J3fiAx4fXt2nvPey6 NnVYjo9MnzRVkTdFb4IiQylWNbUigikf3OwygTBdcU4eaLNBb+/UBxMh8UqFlvN9 sNgcvTtKuYGDtO/fvmpIGRux6WBUKsybI6WdKR1IPqTzhFwzRmGDPZ8UrIslQvc=
    =lPvU
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)