FreeBSD : GnuPG and Libgcrypt -- side-channel attack vulnerability (689c2bf7-0701-11e3-9a25-002590860428)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Werner Koch of the GNU project reports :

Noteworthy changes in version 1.5.3 :

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes
the above problem. The fix for GnuPG less than 2.0 can be found in the
just released GnuPG 1.4.14.

See also :

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 1.9

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69396 ()

Bugtraq ID:

CVE ID: CVE-2013-4242

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial