Oracle Solaris Third-Party Patch Update : libgcrypt (cve_2013_4242_information_disclosure)
Low Nessus Plugin ID 80671
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. (CVE-2013-4242)
SolutionUpgrade to Solaris 184.108.40.206.0.