FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuPG and Libgcrypt -- side-channel attack vulnerability

Affected packages
libgcrypt < 1.5.3
linux-f10-libgcrypt < 1.5.3

Details

VuXML ID 689c2bf7-0701-11e3-9a25-002590860428
Discovery 2013-07-18
Entry 2013-08-17

Werner Koch of the GNU project reports:

Noteworthy changes in version 1.5.3:

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in the just released GnuPG 1.4.14.

References

CVE Name CVE-2013-4242
URL http://eprint.iacr.org/2013/448
URL http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
URL http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html