Bug 988589 (CVE-2013-4242)
| Summary: | CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bcl, carnil, erik-fedora, huzaifas, jjaburek, jkurik, jorton, rdieter, rjones, tmraz |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | gnupg 1.4.14, libgcrypt 1.5.3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 19:04:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 988592, 988593, 988594, 988595, 988596, 1015736, 1015737, 1017001, 1017002, 1017003, 1017004 | ||
| Bug Blocks: | 988590, 1015687 | ||
|
Description
Vincent Danen
2013-07-25 22:32:54 UTC
Created mingw-libgcrypt tracking bugs for this issue: Affects: fedora-all [bug 988594] Created libgcrypt tracking bugs for this issue: Affects: fedora-all [bug 988593] Created gnupg tracking bugs for this issue: Affects: fedora-all [bug 988592] Created mingw32-libgcrypt tracking bugs for this issue: Affects: epel-5 [bug 988596] This was assigned CVE-2013-4242 via http://www.openwall.com/lists/oss-security/2013/07/26/7 libgcrypt-1.5.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. libgcrypt-1.5.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. gnupg-1.4.14-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. gnupg-1.4.14-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. We believe that there are several deterrents to active exploitation of this vulnerability. 1. The attacker needs to be logged into the machine containing the private key, when gpg decryption takes place. Therefore only multi-user systems are affected. 2. The exploit takes advantage of being able to cause the L3 cache to flush and reload at an exact time. In intel architecture L3 cache is common to all the CPU cores, therefore the exploit does not have to run on a particular core. However this also implies that this is highly CPU arch. dependent. 3. It is recommended not to store important private keys on disk/process them in shared memory, specially if multi-user systems are being used for this purpose. Dedicated hardware devices like Smart cards are better options. Statement: This issue affects the version of gnupg as shipped with Red Hat Enterprise Linux 5. This issue affects the version of libgcrypt as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More technical details on this flaw are available at https://bugzilla.redhat.com/show_bug.cgi?id=988589#c12 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1458 https://rhn.redhat.com/errata/RHSA-2013-1458.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:1457 https://rhn.redhat.com/errata/RHSA-2013-1457.html |