Advisories » MGASA-2013-0382

Updated gnupg package fixes CVE-2013-4576

Publication date: 20 Dec 2013
Modification date: 20 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4576

Description

Updated gnupg package fixes security vulnerability:

Genkin, Shamir and Tromer discovered that RSA key material could be extracted
by using the sound generated by the computer during the decryption of some
chosen ciphertexts (CVE-2013-4576).
                

References

• http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
• http://www.debian.org/security/2013/dsa-2821
• https://bugs.mageia.org/show_bug.cgi?id=12039
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576

SRPMS

3/core

• gnupg-1.4.14-1.2.mga3