DebianDEBIAN:DSA-2731-1:D8DA9[SECURITY] [DSA 2731-1] libgcrypt11 security update
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.4%
Debian Security Advisory DSA-2731-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
July 29, 2013 http://www.debian.org/security/faq
Package : libgcrypt11
Vulnerability : information leak
Problem type : local
Debian-specific: no
CVE ID : CVE-2013-4242
Yarom and Falkner discovered that RSA secret keys in applications using
the libgcrypt11 library, for example GnuPG 2.x, could be leaked via
a side channel attack, where a malicious local user could obtain private
key information from another user on the system.
For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.5-2+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in
version 1.5.0-5+deb7u1.
For the testing distribution (jessie) and unstable distribution (sid),
this problem has been fixed in version 1.5.3-1.
We recommend that you upgrade your libgcrypt11 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | sparc | libgcrypt11-udeb | < 1.5.0-5+deb7u1 | libgcrypt11-udeb_1.5.0-5+deb7u1_sparc.deb |
| Debian | 6 | mips | gnupg-udeb | < 1.4.10-4+squeeze2 | gnupg-udeb_1.4.10-4+squeeze2_mips.deb |
| Debian | 7 | armhf | libgcrypt11 | < 1.5.0-5+deb7u1 | libgcrypt11_1.5.0-5+deb7u1_armhf.deb |
| Debian | 6 | i386 | gnupg-curl | < 1.4.10-4+squeeze2 | gnupg-curl_1.4.10-4+squeeze2_i386.deb |
| Debian | 7 | armel | gpgv-udeb | < 1.4.12-7+deb7u1 | gpgv-udeb_1.4.12-7+deb7u1_armel.deb |
| Debian | 7 | s390x | gnupg-curl | < 1.4.12-7+deb7u1 | gnupg-curl_1.4.12-7+deb7u1_s390x.deb |
| Debian | 6 | sparc | libgcrypt11-dev | < 1.4.5-2+squeeze1 | libgcrypt11-dev_1.4.5-2+squeeze1_sparc.deb |
| Debian | 7 | powerpc | libgcrypt11 | < 1.5.0-5+deb7u1 | libgcrypt11_1.5.0-5+deb7u1_powerpc.deb |
| Debian | 6 | ia64 | libgcrypt11 | < 1.4.5-2+squeeze1 | libgcrypt11_1.4.5-2+squeeze1_ia64.deb |
| Debian | 7 | armel | gnupg-udeb | < 1.4.12-7+deb7u1 | gnupg-udeb_1.4.12-7+deb7u1_armel.deb |
Related
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.4%