[SECURITY] Fedora 19 Update: gnupg-1.4.16-2.fc19

updates at fedoraproject.org updates at fedoraproject.org
Mon Dec 30 05:00:52 UTC 2013

Fedora Update Notification
2013-12-20 00:28:16

Name        : gnupg
Product     : Fedora 19
Version     : 1.4.16
Release     : 2.fc19
URL         : http://www.gnupg.org/
Summary     : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

Update Information:

What's New

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
 See <http://www.cs.tau.ac.il/~tromer/acoustic/>.[CVE-2013-4576]

 * Put only the major version number by default into armored output.

 * Do not create a trustdb file if --trust-model=always is used.

 * Print the keyid for key packets with --list-packets.

 * Changed modular exponentiation algorithm to recover from a small performance loss due to a change in 1.4.14.

Impact of the security problem

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks.The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption.This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine.We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon.While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit.A 4096 bit RSA key used on a laptop can be revealed within an hour.

GnuPG 1.4.16 avoids this attack by employing RSA blinding during decryption.GnuPG 2.x and current Gpg4win versions make use of Libgcrypt which employs RSA blinding anyway and are thus not vulnerable.

For the highly interesting research on acoustic cryptanalysis and the details of the attack see http://www.cs.tau.ac.il/~tromer/acoustic/ .


* Wed Dec 18 2013 Peter Robinson <pbrobinson at fedoraproject.org> 1.4.16-2
- New upstream v1.4.16
  fixes for CVE-2013-4576
* Mon Oct  7 2013 Brian C. Lane <bcl at redhat.com> 1.4.15-1
- New upstream v1.4.15
  fixes for CVE-2013-4402 (#1015967)
  fixes for CVE-2013-4351 (#1010140)
* Mon Jul 29 2013 Brian C. Lane <bcl at redhat.com> 1.4.14-1
- New upstream v1.4.14
  fixes for CVE-2013-4242 (#988592)
  includes fix for build on big-endian arches

  [ 1 ] Bug #1043327 - CVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnupg' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list