[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2013:1458-01 -- Redhat gnupg

ID: oval:org.secpod.oval:def:501121Date: (C)2013-11-26   (M)2023-12-07
Class: PATCHFamily: unix




The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402 issue. Upstream acknowledges Taylor R Campbell as the original reporter. All gnupg users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

Platform:
Red Hat Enterprise Linux 5
Product:
gnupg
Reference:
RHSA-2013:1458-01
CVE-2012-6085
CVE-2013-4242
CVE-2013-4351
CVE-2013-4402
CVE    4
CVE-2013-4242
CVE-2013-4351
CVE-2013-4402
CVE-2012-6085
...
CPE    92
cpe:/a:gnupg:gnupg:2.1.0:beta1
cpe:/a:gnupg:gnupg:0.2.16
cpe:/a:gnupg:gnupg:0.2.15
cpe:/a:gnupg:gnupg:1.4.8
...

© SecPod Technologies