CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.3%
Debian Security Advisory DSA-2731-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
July 29, 2013 http://www.debian.org/security/faq
Package : libgcrypt11
Vulnerability : information leak
Problem type : local
Debian-specific: no
CVE ID : CVE-2013-4242
Yarom and Falkner discovered that RSA secret keys in applications using
the libgcrypt11 library, for example GnuPG 2.x, could be leaked via
a side channel attack, where a malicious local user could obtain private
key information from another user on the system.
For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.5-2+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in
version 1.5.0-5+deb7u1.
For the testing distribution (jessie) and unstable distribution (sid),
this problem has been fixed in version 1.5.3-1.
We recommend that you upgrade your libgcrypt11 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390x | gnupg | < 1.4.12-7+deb7u1 | gnupg_1.4.12-7+deb7u1_s390x.deb |
Debian | 7 | kfreebsd-i386 | gpgv-udeb | < 1.4.12-7+deb7u1 | gpgv-udeb_1.4.12-7+deb7u1_kfreebsd-i386.deb |
Debian | 7 | mips | gnupg-udeb | < 1.4.12-7+deb7u1 | gnupg-udeb_1.4.12-7+deb7u1_mips.deb |
Debian | 7 | amd64 | libgcrypt11-dbg | < 1.5.0-5+deb7u1 | libgcrypt11-dbg_1.5.0-5+deb7u1_amd64.deb |
Debian | 6 | sparc | libgcrypt11-dbg | < 1.4.5-2+squeeze1 | libgcrypt11-dbg_1.4.5-2+squeeze1_sparc.deb |
Debian | 7 | all | gpgv-win32 | < 1.4.12-7+deb7u1 | gpgv-win32_1.4.12-7+deb7u1_all.deb |
Debian | 6 | powerpc | gpgv | < 1.4.10-4+squeeze2 | gpgv_1.4.10-4+squeeze2_powerpc.deb |
Debian | 7 | amd64 | gnupg-curl | < 1.4.12-7+deb7u1 | gnupg-curl_1.4.12-7+deb7u1_amd64.deb |
Debian | 7 | powerpc | libgcrypt11 | < 1.5.0-5+deb7u1 | libgcrypt11_1.5.0-5+deb7u1_powerpc.deb |
Debian | 6 | armel | gnupg | < 1.4.10-4+squeeze2 | gnupg_1.4.10-4+squeeze2_armel.deb |