Mageia alert MGASA-2017-0235 (gnupg)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2017-0235: Updated gnupg packages fix security vulnerability 
Date:
    	       Thu, 3 Aug 2017 01:22:16 +0200
Message-ID:
    	       <20170802232216.83DC09F871@duvel.mageia.org>
MGASA-2017-0235 - Updated gnupg packages fix security vulnerability

Publication date: 02 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0235.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-7526

Description:
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and
Yuval Yarom discovered that GnuPG was susceptible to an attack via
side channels. A local attacker could use this attack to recover RSA
private keys (CVE-2017-7526).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21204
- http://openwall.com/lists/oss-security/2017/07/06/8
- https://www.gnupg.org/
- https://www.ubuntu.com/usn/usn-3347-1/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526

SRPMS:
- 6/core/gnupg-1.4.22-1.mga6
- 5/core/gnupg-1.4.19-1.3.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2017-0235: Updated gnupg packages fix security vulnerability
Date:		Thu, 3 Aug 2017 01:22:16 +0200
Message-ID:		<20170802232216.83DC09F871@duvel.mageia.org>