Red Hat Product Errata RHSA-2014:0016 - Security Advisory
Issued:
2014-01-08
Updated:
2014-01-08

RHSA-2014:0016 - Security Advisory

Synopsis

Moderate: gnupg security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated gnupg package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to side-channel attacks via acoustic
cryptanalysis. An attacker in close range to a target system that is
decrypting ciphertexts could possibly use this flaw to recover the RSA
secret key from that system. (CVE-2013-4576)

Red Hat would like to thank Werner Koch of GnuPG upstream for reporting
this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the
original reporters.

All gnupg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1043327 - CVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis

Red Hat Enterprise Linux Server 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
x86_64
gnupg-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: bf844dbda89609fc8f567ab98b83fbb5a679eec2d3a9a6040a1c5cc43d1f6944
gnupg-debuginfo-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: d86b75c8c507d3475f176b302b2ec9c0909678c94fa4047582ade6f0466c85ce
ia64
gnupg-1.4.5-18.el5_10.1.ia64.rpm SHA-256: cd2f7bb00c388d5e9a609cc1569f77c590cc79d7f4602294ac0aab4fdf53deb7
gnupg-debuginfo-1.4.5-18.el5_10.1.ia64.rpm SHA-256: 85f330f801fdb5b9658147fea41426b90881fc75b553e097d4b5ad33f2e07bbb
i386
gnupg-1.4.5-18.el5_10.1.i386.rpm SHA-256: 068063c3594d6907014b54f711e92404e04bc00e071f82c1ee7b70c87c6e009b
gnupg-debuginfo-1.4.5-18.el5_10.1.i386.rpm SHA-256: 3283e22f3888a86ba56616d5adc1f70fc9341ef18ca921a0a1a8b6033d683bfb

Red Hat Enterprise Linux Workstation 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
x86_64
gnupg-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: bf844dbda89609fc8f567ab98b83fbb5a679eec2d3a9a6040a1c5cc43d1f6944
gnupg-debuginfo-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: d86b75c8c507d3475f176b302b2ec9c0909678c94fa4047582ade6f0466c85ce
i386
gnupg-1.4.5-18.el5_10.1.i386.rpm SHA-256: 068063c3594d6907014b54f711e92404e04bc00e071f82c1ee7b70c87c6e009b
gnupg-debuginfo-1.4.5-18.el5_10.1.i386.rpm SHA-256: 3283e22f3888a86ba56616d5adc1f70fc9341ef18ca921a0a1a8b6033d683bfb

Red Hat Enterprise Linux Desktop 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
x86_64
gnupg-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: bf844dbda89609fc8f567ab98b83fbb5a679eec2d3a9a6040a1c5cc43d1f6944
gnupg-debuginfo-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: d86b75c8c507d3475f176b302b2ec9c0909678c94fa4047582ade6f0466c85ce
i386
gnupg-1.4.5-18.el5_10.1.i386.rpm SHA-256: 068063c3594d6907014b54f711e92404e04bc00e071f82c1ee7b70c87c6e009b
gnupg-debuginfo-1.4.5-18.el5_10.1.i386.rpm SHA-256: 3283e22f3888a86ba56616d5adc1f70fc9341ef18ca921a0a1a8b6033d683bfb

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
s390x
gnupg-1.4.5-18.el5_10.1.s390x.rpm SHA-256: 811f4917764fe437067ebf5a5b8594dd6b6eb259f63c5f588fdf7b0fe403092f
gnupg-debuginfo-1.4.5-18.el5_10.1.s390x.rpm SHA-256: 4b7649be96f6de2b9ccda13988415d125c4fafbc943e6cbc4324f65c811917b5

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
ppc
gnupg-1.4.5-18.el5_10.1.ppc.rpm SHA-256: 572e3d9d75786d2101d8d25d7a3e8787a1304e703e191ce51967c894a2c3f883
gnupg-debuginfo-1.4.5-18.el5_10.1.ppc.rpm SHA-256: 11cf539166609383da0144705a8a398211d642105a09df591c3283383f00210c

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnupg-1.4.5-18.el5_10.1.src.rpm SHA-256: d678f473e911d90df4c6a52904e567ae8ba885292ba9ba4a884d24ae4aa23570
x86_64
gnupg-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: bf844dbda89609fc8f567ab98b83fbb5a679eec2d3a9a6040a1c5cc43d1f6944
gnupg-debuginfo-1.4.5-18.el5_10.1.x86_64.rpm SHA-256: d86b75c8c507d3475f176b302b2ec9c0909678c94fa4047582ade6f0466c85ce
i386
gnupg-1.4.5-18.el5_10.1.i386.rpm SHA-256: 068063c3594d6907014b54f711e92404e04bc00e071f82c1ee7b70c87c6e009b
gnupg-debuginfo-1.4.5-18.el5_10.1.i386.rpm SHA-256: 3283e22f3888a86ba56616d5adc1f70fc9341ef18ca921a0a1a8b6033d683bfb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.