2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys
(
CVE-2014-5270).
In addition, this update hardens GnuPG’s behaviour when treating
keyserver responses; GnuPG now filters keyserver responses to only
accepts those keyid’s actually requested by the user.
For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u6.
For the testing (jessie) and unstable distribution (sid), this
problem has been fixed in version 1.4.18-4.
We recommend that you upgrade your gnupg packages.
CPE | Name | Operator | Version |
---|---|---|---|
gnupg | eq | 1.4.12-7+deb7u2 | |
gnupg | eq | 1.4.12-7 | |
gnupg | eq | 1.4.12-7+deb7u4 | |
gnupg | eq | 1.4.12-7+deb7u1 | |
gnupg | eq | 1.4.12-7+deb7u3 | |
gnupg | eq | 1.4.12-7+deb7u5 |