FreeBSD : GnuPG and Libgcrypt -- side-channel attack vulnerability (689c2bf7-0701-11e3-9a25-002590860428)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Werner Koch of the GNU project reports :

Noteworthy changes in version 1.5.3 :

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes
the above problem. The fix for GnuPG less than 2.0 can be found in the
just released GnuPG 1.4.14.

See also :

http://eprint.iacr.org/2013/448
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
http://www.nessus.org/u?ea8d1a27

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69396

CVE ID: CVE-2013-4242