Advisories » MGASA-2017-0235

Updated gnupg packages fix security vulnerability

Publication date: 02 Aug 2017
Modification date: 02 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7526

Description

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and
Yuval Yarom discovered that GnuPG was susceptible to an attack via
side channels. A local attacker could use this attack to recover RSA
private keys (CVE-2017-7526).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21204
• http://openwall.com/lists/oss-security/2017/07/06/8
• https://www.gnupg.org/
• https://www.ubuntu.com/usn/usn-3347-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526

SRPMS

5/core

• gnupg-1.4.19-1.3.mga5

6/core

• gnupg-1.4.22-1.mga6