gnupg-1.4.5-18.AXS3.1
エラータID: AXSA:2014-247:01
リリース日:
2014/04/10 Thursday - 15:50
題名:
gnupg-1.4.5-18.AXS3.1
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GnuPG はサイドチャネル攻撃をもたらす特定のパターンを持つ命令シーケンスを用いて RSA を生成し,復号化の間選択した暗号テキスト攻撃と音響的暗号分析によって,物理的に近接する攻撃者が RSA キーを抽出する脆弱性があります。(CVE-2013-4576)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-4576
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
追加情報:
N/A
ダウンロード:
SRPMS
- gnupg-1.4.5-18.AXS3.1.src.rpm
MD5: 91fb6397cab43983ad4715661be5d889
SHA-256: 7f61118271b97db151774ed878adfee549bda4d3866ce8118cd1dc04f40c717b
Size: 2.98 MB
Asianux Server 3 for x86
- gnupg-1.4.5-18.AXS3.1.i386.rpm
MD5: 830aa77f3a9a6e4f1cc34e3cc304ebae
SHA-256: 81ef06f319853780b921c3a97b50d4ac3e50685a7080105ec7270cd35daf3add
Size: 1.83 MB
Asianux Server 3 for x86_64
- gnupg-1.4.5-18.AXS3.1.x86_64.rpm
MD5: 4f0745751eb9531462c65d16f560616e
SHA-256: 708c26b1f8a713484983723b6474579320be850c170aacfa077c1c5c83e387a5
Size: 1.82 MB