FreeBSD : GnuPG and Libgcrypt -- side-channel attack vulnerability (689c2bf7-0701-11e3-9a25-002590860428)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Werner Koch of the GNU project reports :

Noteworthy changes in version 1.5.3 :

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes
the above problem. The fix for GnuPG less than 2.0 can be found in the
just released GnuPG 1.4.14.

See also :

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 1.9

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69396 ()

Bugtraq ID:

CVE ID: CVE-2013-4242

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now