USN-1923-1: GnuPG, Libgcrypt vulnerability
1 August 2013
GnuPG and Libgcrypt could be made to expose sensitive information.
- gnupg - GNU privacy guard - a free PGP replacement
- libgcrypt11 - LGPL Crypto library - runtime library
Yuval Yarom and Katrina Falkner discovered a timing-based information leak,
known as Flush+Reload, that could be used to trace execution in programs.
GnuPG and Libgcrypt followed different execution paths based on key-related
data, which could be used to expose the contents of private keys.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.