Metric | Value |
---|---|
CVSS2 Score | 2.1 Low |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 54.4% |

CentOS Errata and Security Advisory CESA-2014:0016

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to side-channel attacks via acoustic
cryptanalysis. An attacker in close range to a target system that is
decrypting ciphertexts could possibly use this flaw to recover the RSA
secret key from that system. (CVE-2013-4576)

Red Hat would like to thank Werner Koch of GnuPG upstream for reporting
this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the
original reporters.

All gnupg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-January/082263.html

Affected packages:
gnupg

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0016

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | gnupg | < 1.4.5-18.el5_10.1 | gnupg-1.4.5-18.el5_10.1.i386.rpm |
CentOS | 5 | x86_64 | gnupg | < 1.4.5-18.el5_10.1 | gnupg-1.4.5-18.el5_10.1.x86_64.rpm |