LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-26-2013, 04:51 PM   #1
mancha
Member
 
Registered: Aug 2012
Posts: 279

Rep: Reputation: Disabled
[Slackware-security] GnuPG flush+reload attack (lather+rinse+repeat)


This side-channel vulnerability has been assigned CVE-2013-4242 and affects gnupg 1.4.x (fixed
in 1.4.14) and gnupg 2.0.x via libgcrypt (fixed in libgcrypt 1.5.3).

The purpose of this message is two-fold. On the one hand, I wanted to give Pat a heads up
about the security releases though the urgency is somewhat limited given the complexity of
the attack. That said, GnuPG's reason for being is security so any vulnerability is worth
taking seriously.

I also want to share a very interesting paper describing the attack for those who enjoy
reading this kind of material.

One thing which stood out as I read it was the incredible efficacy of the attack. With only a
single signing/encryption round, over 98% of the bits of an RSA private key could be recovered.

--mancha

Last edited by mancha; 07-26-2013 at 04:56 PM.
 
Old 08-23-2013, 08:54 AM   #2
mancha
Member
 
Registered: Aug 2012
Posts: 279

Original Poster
Rep: Reputation: Disabled
Quote:
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.
Tagging this solved.
 
  


Reply

Tags
gnupg, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
99% cpu usage due to flush-8:0 & flush-8:16 propofol Debian 4 09-09-2011 03:03 PM
LXer: Digital security with GnuPG plugins LXer Syndicated Linux News 0 09-14-2007 01:41 PM
GnuPG - best permissions & security of decrypted file - help please emuub Linux - Security 1 10-14-2005 05:28 PM
how to reload sbp2 module /Flush terminal command cache Lakota Mandriva 1 12-07-2004 02:08 PM


All times are GMT -5. The time now is 08:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration