libgcrypt is vulnerable to information disclosure attacks. The vulnerability exists as GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
eprint.iacr.org/2013/448
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
rhn.redhat.com/errata/RHSA-2013-1457.html
secunia.com/advisories/54318
secunia.com/advisories/54321
secunia.com/advisories/54332
secunia.com/advisories/54375
www.debian.org/security/2013/dsa-2730
www.debian.org/security/2013/dsa-2731
www.kb.cert.org/vuls/id/976534
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/61464
www.ubuntu.com/usn/USN-1923-1
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHSA-2013-1457.html