CentOS Update For Libgcrypt CESA-2013:1457 Centos5 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242) All libgcrypt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Affected

libgcrypt on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2013-October/019992.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4242

CVSS	Base Score: 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CentOS Update for libvirt CESA-2013:0127 centos5
CentOS Update for OpenIPMI CESA-2013:0123 centos5
CentOS Update for kernel CESA-2013:1790 centos5
CentOS Update for sssd CESA-2011:0975 centos5 i386
CentOS Update for kernel CESA-2012:1174 centos5

CentOS Update for libgcrypt CESA-2013:1457 centos5

Take action and discover your vulnerabilities