Oval Definition:oval:com.redhat.rhsa:def:20131457
Revision Date:2013-10-24Version:635
Title:RHSA-2013:1457: libgcrypt security update (Moderate)
Description:The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

  • It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242)

    All libgcrypt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-4242
    CVE-2013-4242
    RHSA-2013:1457
    RHSA-2013:1457-00
    RHSA-2013:1457-01
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libgcrypt is earlier than 0:1.4.5-11.el6_4
  • AND libgcrypt is signed with Red Hat redhatrelease2 key
  • libgcrypt-devel is earlier than 0:1.4.5-11.el6_4
  • AND libgcrypt-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libgcrypt is earlier than 0:1.4.4-7.el5_10
  • AND libgcrypt is signed with Red Hat redhatrelease2 key
  • libgcrypt-devel is earlier than 0:1.4.4-7.el5_10
  • AND libgcrypt-devel is signed with Red Hat redhatrelease2 key
    • BACK