Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0016
HistoryJan 08, 2014 - 10:53 p.m.

gnupg security update

2014-01-0822:53:33
CentOS Project
lists.centos.org
39

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.4%

JSON

CentOS Errata and Security Advisory CESA-2014:0016

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to side-channel attacks via acoustic
cryptanalysis. An attacker in close range to a target system that is
decrypting ciphertexts could possibly use this flaw to recover the RSA
secret key from that system. (CVE-2013-4576)

Red Hat would like to thank Werner Koch of GnuPG upstream for reporting
this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the
original reporters.

All gnupg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-January/082263.html

Affected packages:
gnupg

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0016

OSVersionArchitecturePackageVersionFilename
CentOS5i386gnupg< 1.4.5-18.el5_10.1gnupg-1.4.5-18.el5_10.1.i386.rpm
CentOS5x86_64gnupg< 1.4.5-18.el5_10.1gnupg-1.4.5-18.el5_10.1.x86_64.rpm

Related

oraclelinux 1
nessus 19
prion 2
openvas 26
slackware 1
fedora 5
f5 2
ubuntu 1
mageia 1
debian 1
securityvulns 2
ubuntucve 2
redhat 1
veracode 1
amazon 2
freebsd 1
cve 2
debiancve 1
rosalinux 1
oraclelinux
oraclelinux
gnupg security update
2014-01-08 00:00:00
nessus
nessus
Scientific Linux Security Update : gnupg on SL5.x i386/x86_64 (20140108)
2014-01-10 00:00:00
Fedora 18 : gnupg-1.4.16-2.fc18 (2013-23678)
2013-12-30 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : gnupg vulnerability (USN-2059-1)
2013-12-19 00:00:00
prion
prion
Code injection
2013-12-20 21:55:00
Code injection
2014-10-10 01:55:00
openvas
openvas
Fedora Update for gnupg FEDORA-2014-7676
2014-07-01 00:00:00
RedHat Update for gnupg RHSA-2014:0016-01
2014-01-21 00:00:00
Ubuntu Update for gnupg USN-2059-1
2013-12-23 00:00:00
slackware
slackware
[slackware-security] gnupg
2013-12-21 19:34:33
fedora
fedora
[SECURITY] Fedora 20 Update: gnupg-1.4.17-1.fc20
2014-06-27 02:28:57
[SECURITY] Fedora 20 Update: gnupg-1.4.16-2.fc20
2013-12-23 03:48:29
[SECURITY] Fedora 20 Update: gnupg-1.4.19-2.fc20
2015-03-14 09:16:09
f5
f5
SOL16396 - GnuPG vulnerability CVE-2013-4576
2015-04-09 00:00:00
K16396 : GnuPG vulnerability CVE-2013-4576
2015-04-09 00:00:00
ubuntu
ubuntu
GnuPG vulnerability
2013-12-18 00:00:00
mageia
mageia
Updated gnupg package fixes CVE-2013-4576
2013-12-20 21:29:34
debian
debian
[SECURITY] [DSA 2821-1] gnupg security update
2013-12-18 15:05:12
securityvulns
securityvulns
GnuPG acoustic attack
2013-12-23 00:00:00
[USN-2059-1] GnuPG vulnerability
2013-12-23 00:00:00
ubuntucve
ubuntucve
CVE-2013-4576
2013-12-18 00:00:00
CVE-2014-5270
2014-08-18 00:00:00
redhat
redhat
(RHSA-2014:0016) Moderate: gnupg security update
2014-01-08 00:00:00
veracode
veracode
Side-channel Attack
2019-01-15 08:54:58
amazon
amazon
Medium: gnupg
2014-01-14 16:18:00
Medium: libgcrypt
2015-08-04 17:43:00
freebsd
freebsd
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
2013-12-18 00:00:00
cve
cve
CVE-2013-4576
2013-12-20 21:55:00
CVE-2014-5270
2014-10-10 01:55:00
debiancve
debiancve
CVE-2014-5270
2014-10-10 01:55:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.4%

JSON
Related for CESA-2014:0016
oraclelinux1nessus19prion2openvas26slackware1fedora5f52ubuntu1mageia1debian1securityvulns2ubuntucve2redhat1veracode1amazon2freebsd1cve2debiancve1rosalinux1