Nome do pacote
gnupg
Data
2013-08-01
ID Alerta
MDVSA-2013:205
Versões afetadas
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in gnupg and in
libgcrypt:

Yarom and Falkner discovered that RSA secret keys in applications
using GnuPG 1.x, and using the libgcrypt library, could be leaked via a
side channel attack, where a malicious local user could obtain private
key information from another user on the system (CVE-2013-4242).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MES5 i586

 58650ae6d6e7497d53ea5bd9f9641af9  mes5/i586/gnupg-1.4.9-5.2mdvmes5.2.i586.rpm
 03a01de0736c7c2e7dfeb2709aa3d119  mes5/i586/libgcrypt11-1.4.1-2.1mdvmes5.2.i586.rpm
 db83380324e2306d0c0f3c88077fcfdf  mes5/i586/libgcrypt-devel-1.4.1-2.1mdvmes5.2.i586.rpm 
 9ce03d48a55c0a57899666c9da73a8d0  mes5/SRPMS/gnupg-1.4.9-5.2mdvmes5.2.src.rpm
 fe0cd01550415177b512b67c492a8e6b  mes5/SRPMS/libgcrypt-1.4.1-2.1mdvmes5.2.src.rpm

MBS1 x86_64

 e3c5a687a8a6ee2938fbb7a8e22d6a66  mbs1/x86_64/gnupg-1.4.12-2.2.mbs1.x86_64.rpm
 e8fde35edd870fc2cdd571f571c59503  mbs1/x86_64/lib64gcrypt11-1.5.0-3.1.mbs1.x86_64.rpm
 af18601387f427d374fc34f64b52b08b  mbs1/x86_64/lib64gcrypt-devel-1.5.0-3.1.mbs1.x86_64.rpm 
 c4dfd4bc8e2f4ae1402351d8a468c2d4  mbs1/SRPMS/gnupg-1.4.12-2.2.mbs1.src.rpm
 926265bae357abf8a0093361a28ca2d5  mbs1/SRPMS/libgcrypt-1.5.0-3.1.mbs1.src.rpm

MES5 x86_64

 d5fb643f7e763f2a6839db454bb070ae  mes5/x86_64/gnupg-1.4.9-5.2mdvmes5.2.x86_64.rpm
 4592a078366b344b0c2987dbe76e6c4d  mes5/x86_64/lib64gcrypt11-1.4.1-2.1mdvmes5.2.x86_64.rpm
 e5f910d33187de9dfcfb86d18990e582  mes5/x86_64/lib64gcrypt-devel-1.4.1-2.1mdvmes5.2.x86_64.rpm 
 9ce03d48a55c0a57899666c9da73a8d0  mes5/SRPMS/gnupg-1.4.9-5.2mdvmes5.2.src.rpm
 fe0cd01550415177b512b67c492a8e6b  mes5/SRPMS/libgcrypt-1.4.1-2.1mdvmes5.2.src.rpm

Referências