Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2013:1458 - Security Advisory
Issued:
2013-10-24
Updated:
2013-10-24

RHSA-2013:1458 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: gnupg security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated gnupg package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload
cache side-channel attack on the RSA secret exponent. An attacker able to
execute a process on the logical CPU that shared the L3 cache with the
GnuPG process (such as a different local user or a user of a KVM guest
running on the same host with the kernel same-page merging functionality
enabled) could possibly use this flaw to obtain portions of the RSA secret
key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick a
local user into importing a specially crafted public key into their keyring
database, causing the keyring to be corrupted and preventing its further
use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402
issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 891142 - CVE-2012-6085 GnuPG: read_block() corrupt key input validation
  • BZ - 988589 - CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
  • BZ - 1010137 - CVE-2013-4351 gnupg: treats no-usage-permitted keys as all-usages-permitted
  • BZ - 1015685 - CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser DoS

CVEs

  • CVE-2012-6085
  • CVE-2013-4351
  • CVE-2013-4242
  • CVE-2013-4402

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
x86_64
gnupg-1.4.5-18.el5_10.x86_64.rpm SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
ia64
gnupg-1.4.5-18.el5_10.ia64.rpm SHA-256: 3c4509ab41572c8c8933d30355f756a8da67b83a38a0b18afb0c5333001ecd6b
gnupg-debuginfo-1.4.5-18.el5_10.ia64.rpm SHA-256: 0c53193c3d626ca0288982d3e0feef85f507c945edc7f5cee1230b9389144036
i386
gnupg-1.4.5-18.el5_10.i386.rpm SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d

Red Hat Enterprise Linux Workstation 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
x86_64
gnupg-1.4.5-18.el5_10.x86_64.rpm SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
i386
gnupg-1.4.5-18.el5_10.i386.rpm SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d

Red Hat Enterprise Linux Desktop 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
x86_64
gnupg-1.4.5-18.el5_10.x86_64.rpm SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
i386
gnupg-1.4.5-18.el5_10.i386.rpm SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
s390x
gnupg-1.4.5-18.el5_10.s390x.rpm SHA-256: e7b07110b47af9db137ae74dec960faa1385e2f2382c8fb33a0c35a4e73200b8
gnupg-debuginfo-1.4.5-18.el5_10.s390x.rpm SHA-256: 050f3563c1991ec5d1e862461e72d8356fdde7b20f63ce4f64f869684c4f1dbe

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
ppc
gnupg-1.4.5-18.el5_10.ppc.rpm SHA-256: 31790efbbd1e6cc39202f61200955894e24b992a329ff20f53c60276dae52e6c
gnupg-debuginfo-1.4.5-18.el5_10.ppc.rpm SHA-256: 5161c653fdb63731c5fbf17b66164a8546300b8ff284ecd549cbf9d4cd98b594

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnupg-1.4.5-18.el5_10.src.rpm SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
x86_64
gnupg-1.4.5-18.el5_10.x86_64.rpm SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
i386
gnupg-1.4.5-18.el5_10.i386.rpm SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility