-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-13678 2013-07-26 21:40:29 --------------------------------------------------------------------------------
Name : libgcrypt Product : Fedora 19 Version : 1.5.3 Release : 1.fc19 URL : http://www.gnupg.org/ Summary : A general-purpose cryptography library Description : Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.
-------------------------------------------------------------------------------- Update Information:
Minor update from upstream fixing a moderate impact security issue. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 26 2013 Tomáš Mráz tmraz@redhat.com 1.5.3-1 - new upstream version fixing cache side-channel attack on RSA private keys * Thu Jun 20 2013 Tomáš Mráz tmraz@redhat.com 1.5.2-3 - silence false error detected by valgrind (#968288) * Thu Apr 25 2013 Tomáš Mráz tmraz@redhat.com 1.5.2-2 - silence strict aliasing warning in Rijndael - apply UsrMove - spec file cleanups -------------------------------------------------------------------------------- References:
[ 1 ] Bug #988589 - CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack https://bugzilla.redhat.com/show_bug.cgi?id=988589 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update libgcrypt' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org