FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-4242

This CVE name corresponds to:

Entered Topic
2013-08-17 GnuPG and Libgcrypt -- side-channel attack vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2013-4242 at cve.mitre.org

Details

Type Candidate
Name CVE-2013-4242
Phase Assigned(20130612)

Description

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

References

Source Reference
MLIST [gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
MISC http://eprint.iacr.org/2013/448
DEBIAN DSA-2730
DEBIAN DSA-2731
REDHAT RHSA-2013:1457
SUSE openSUSE-SU-2013:1294
UBUNTU USN-1923-1
CERT-VN VU#976534
BID 61464
SECUNIA 54318
SECUNIA 54321
SECUNIA 54332
SECUNIA 54375

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.