Ubuntu has issued an advisory for libgcrypt on July 3: https://www.ubuntu.com/usn/usn-3347-1/ gnupg is also affected and a fix is being worked on upstream: http://openwall.com/lists/oss-security/2017/07/06/8
Whiteboard: (none) => MGA6TOO, MGA5TOO
Upstream has released version 1.4.22 on July 19 to fix this: https://www.gnupg.org/ "Although GnuPG 1.4 is of limited use today we did a maintenance release to address the recently published local side channel attack CVE-2017-7526."
Patched package uploaded for Mageia 5. Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated gnupg package fixes security vulnerability: Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys (CVE-2017-7526). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526 http://openwall.com/lists/oss-security/2017/07/06/8 https://www.gnupg.org/ https://www.ubuntu.com/usn/usn-3347-1/ ======================== Updated packages in core/updates_testing: ======================== gnupg-1.4.19-1.3.mga5 gnupg-1.4.22-1.mga6 from SRPMS: gnupg-1.4.19-1.3.mga5.src.rpm gnupg-1.4.22-1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOVersion: Cauldron => 6Assignee: pkg-bugs => qa-bugs
Installed and tested without issues. System: x86_64, Plasma, Intel CPU, nVidia GPU using proprietary driver. $ rpm -q gnupg gnupg-1.4.19-1.3.mga5 $ uname -a Linux marte 4.4.79-desktop-1.mga5 #1 SMP Fri Jul 28 02:50:06 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
CC: (none) => mageiaWhiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => nathan95Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK => advisory MGA5TOO MGA5-64-OK MGA6-64-OK
Tested on Virtual box on MGA 6 32 bit and MGA 5 32 bit and I did not notice regressions.
Keywords: (none) => validated_updateWhiteboard: advisory MGA5TOO MGA5-64-OK MGA6-64-OK => advisory MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32OKCC: (none) => sysadmin-bugs
Whiteboard: advisory MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32OK => advisory MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0235.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED