https://bugzilla.novell.com/show_bug.cgi?id=831359 https://bugzilla.novell.com/show_bug.cgi?id=831359#c0 Summary: GnuPG 1.4.14 / libcrypt 1.5.3 for gpg2 mitigate Yarom/Falkner flush+reload side-channel attach on RSA secret keys Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
From http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
Noteworthy changes in version 1.5.3: * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See http://eprint.iacr.org/2013/448. [ Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG < 2.0 can be found in the just released GnuPG 1.4.14. ] also for gpg (1).. SLE? http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.