A vulnerability has been discovered and corrected in gnupg and in libgcrypt: Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system . The updated packages have been patched to correct this issue.