CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS Percentile: 5.3%

CentOS Errata and Security Advisory CESA-2013:1457

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242)

All libgcrypt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-October/082150.html
https://lists.centos.org/pipermail/centos-announce/2013-October/082154.html
Affected packages:
libgcrypt
libgcrypt-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1457
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | libgcrypt | < 1.4.5-11.el6_4 | libgcrypt-1.4.5-11.el6_4.i686.rpm |
CentOS | 6 | i686 | libgcrypt-devel | < 1.4.5-11.el6_4 | libgcrypt-devel-1.4.5-11.el6_4.i686.rpm |
CentOS | 6 | x86_64 | libgcrypt | < 1.4.5-11.el6_4 | libgcrypt-1.4.5-11.el6_4.x86_64.rpm |
CentOS | 6 | x86_64 | libgcrypt-devel | < 1.4.5-11.el6_4 | libgcrypt-devel-1.4.5-11.el6_4.x86_64.rpm |
CentOS | 5 | i386 | libgcrypt | < 1.4.4-7.el5_10 | libgcrypt-1.4.4-7.el5_10.i386.rpm |
CentOS | 5 | i386 | libgcrypt-devel | < 1.4.4-7.el5_10 | libgcrypt-devel-1.4.4-7.el5_10.i386.rpm |
CentOS | 5 | x86_64 | libgcrypt | < 1.4.4-7.el5_10 | libgcrypt-1.4.4-7.el5_10.x86_64.rpm |