[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2013-1457 -- Oracle libgcrypt

ID: oval:org.secpod.oval:def:1500294Date: (C)2013-11-12   (M)2023-12-07
Class: PATCHFamily: unix




An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key. All libgcrypt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Platform:
Oracle Linux 6
Product:
libgcrypt
Reference:
ELSA-2013-1457
CVE-2013-4242
CVE    1
CVE-2013-4242
CPE    2
cpe:/o:oracle:linux:6
cpe:/a:libgcrypt:libgcrypt

© SecPod Technologies