RHSA-2013:1457-01 -- Redhat libgcryptID: oval:org.secpod.oval:def:501122 | Date: (C)2013-11-26 (M)2023-12-07 |
Class: PATCH | Family: unix |
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key. All libgcrypt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 5 |