libcrypt 1.5.3の件で、bug report来ました。 GnuPGも(当然)更新されます。 ---------- Forwarded message ---------- From: <bugzilla_noreply@novell.com> Date: 2013/7/25 Subject: [Bug 831359] New: GnuPG 1.4.14 / libcrypt 1.5.3 for gpg2 mitigate Yarom/Falkner flush+reload side-channel attach on RSA secret keys To: opensuse-bugs@opensuse.org https://bugzilla.novell.com/show_bug.cgi?id=831359 https://bugzilla.novell.com/show_bug.cgi?id=831359#c0 Summary: GnuPG 1.4.14 / libcrypt 1.5.3 for gpg2 mitigate Yarom/Falkner flush+reload side-channel attach on RSA secret keys Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0

From http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html

Noteworthy changes in version 1.5.3: * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448>. [ Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG < 2.0 can be found in the just released GnuPG 1.4.14. ] also for gpg (1).. SLE? http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. -- 1xx <ItSANgo@gmail.com> <https://twitter.com/ItSANgo> <http://d.hatena.ne.jp/Itisango/> -- To unsubscribe, e-mail: opensuse-ja+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-ja+owner@opensuse.org