rhsa-2013_1458
Vulnerability from csaf_redhat
Published
2013-10-24 15:16
Modified
2024-11-22 07:13
Summary
Red Hat Security Advisory: gnupg security update

Notes

Topic
An updated gnupg package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Details
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. (CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402 issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated gnupg package that fixes multiple security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with the proposed OpenPGP Internet\nstandard and the S/MIME standard.\n\nIt was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload\ncache side-channel attack on the RSA secret exponent. An attacker able to\nexecute a process on the logical CPU that shared the L3 cache with the\nGnuPG process (such as a different local user or a user of a KVM guest\nrunning on the same host with the kernel same-page merging functionality\nenabled) could possibly use this flaw to obtain portions of the RSA secret\nkey. (CVE-2013-4242)\n\nA denial of service flaw was found in the way GnuPG parsed certain\ncompressed OpenPGP packets. An attacker could use this flaw to send\nspecially crafted input data to GnuPG, making GnuPG enter an infinite loop\nwhen parsing data. (CVE-2013-4402)\n\nIt was found that importing a corrupted public key into a GnuPG keyring\ndatabase corrupted that keyring. An attacker could use this flaw to trick a\nlocal user into importing a specially crafted public key into their keyring\ndatabase, causing the keyring to be corrupted and preventing its further\nuse. (CVE-2012-6085)\n\nIt was found that GnuPG did not properly interpret the key flags in a PGP\nkey packet. GPG could accept a key for uses not indicated by its holder.\n(CVE-2013-4351)\n\nRed Hat would like to thank Werner Koch for reporting the CVE-2013-4402\nissue. Upstream acknowledges Taylor R Campbell as the original reporter.\n\nAll gnupg users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1458",
        "url": "https://access.redhat.com/errata/RHSA-2013:1458"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "891142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
      },
      {
        "category": "external",
        "summary": "988589",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988589"
      },
      {
        "category": "external",
        "summary": "1010137",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
      },
      {
        "category": "external",
        "summary": "1015685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1458.json"
      }
    ],
    "title": "Red Hat Security Advisory: gnupg security update",
    "tracking": {
      "current_release_date": "2024-11-22T07:13:28+00:00",
      "generator": {
        "date": "2024-11-22T07:13:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:1458",
      "initial_release_date": "2013-10-24T15:16:00+00:00",
      "revision_history": [
        {
          "date": "2013-10-24T15:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-10-24T15:22:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:13:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client-5.10.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server-5.10.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.s390x",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.s390x",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
                "product": {
                  "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
                  "product_id": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg-debuginfo@1.4.5-18.el5_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.src",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.src",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.x86_64",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.x86_64",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
                "product": {
                  "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
                  "product_id": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg-debuginfo@1.4.5-18.el5_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.ia64",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.ia64",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
                "product": {
                  "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
                  "product_id": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg-debuginfo@1.4.5-18.el5_10?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.i386",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.i386",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
                "product": {
                  "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
                  "product_id": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg-debuginfo@1.4.5-18.el5_10?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gnupg-0:1.4.5-18.el5_10.ppc",
                "product": {
                  "name": "gnupg-0:1.4.5-18.el5_10.ppc",
                  "product_id": "gnupg-0:1.4.5-18.el5_10.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg@1.4.5-18.el5_10?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
                "product": {
                  "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
                  "product_id": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gnupg-debuginfo@1.4.5-18.el5_10?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.i386",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.ia64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.ppc",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.s390x",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.src",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.x86_64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.i386",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.ia64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.ppc",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.s390x",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.src",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-0:1.4.5-18.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64"
        },
        "product_reference": "gnupg-0:1.4.5-18.el5_10.x86_64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        },
        "product_reference": "gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
        "relates_to_product_reference": "5Server-5.10.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-6085",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2012-12-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "891142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "GnuPG: read_block() corrupt key input validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6085"
        },
        {
          "category": "external",
          "summary": "RHBZ#891142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6085"
        }
      ],
      "release_date": "2012-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-10-24T15:16:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1458"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "GnuPG: read_block() corrupt key input validation"
    },
    {
      "cve": "CVE-2013-4242",
      "discovery_date": "2013-07-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "988589"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the version of gnupg as shipped with Red Hat Enterprise Linux 5. This issue affects the version of libgcrypt as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More technical details on this flaw are available at https://bugzilla.redhat.com/show_bug.cgi?id=988589#c12",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4242"
        },
        {
          "category": "external",
          "summary": "RHBZ#988589",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988589"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4242",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4242"
        },
        {
          "category": "external",
          "summary": "http://eprint.iacr.org/2013/448",
          "url": "http://eprint.iacr.org/2013/448"
        }
      ],
      "release_date": "2013-07-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-10-24T15:16:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1458"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack"
    },
    {
      "cve": "CVE-2013-4351",
      "discovery_date": "2013-09-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1010137"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnupg: treats no-usage-permitted keys as all-usages-permitted",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4351"
        },
        {
          "category": "external",
          "summary": "RHBZ#1010137",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4351"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4351",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4351"
        }
      ],
      "release_date": "2013-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-10-24T15:16:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1458"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "gnupg: treats no-usage-permitted keys as all-usages-permitted"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Werner Koch"
          ]
        },
        {
          "names": [
            "Taylor R Campbell"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2013-4402",
      "discovery_date": "2013-10-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1015685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "GnuPG: infinite recursion in the compressed packet parser DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
          "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
          "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4402"
        },
        {
          "category": "external",
          "summary": "RHBZ#1015685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4402"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4402",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4402"
        }
      ],
      "release_date": "2013-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-10-24T15:16:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1458"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Client-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Client-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.src",
            "5Server-5.10.Z:gnupg-0:1.4.5-18.el5_10.x86_64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.i386",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ia64",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.ppc",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.s390x",
            "5Server-5.10.Z:gnupg-debuginfo-0:1.4.5-18.el5_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "GnuPG: infinite recursion in the compressed packet parser DoS"
    }
  ]
}

