Sicherheit: Preisgabe von Informationen in gnupg
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in gnupg
ID: FEDORA-2013-23603
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mo, 23. Dezember 2013, 08:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
Applikationen: The GNU Privacy Guard


Name        : gnupg
Product : Fedora 20
Version : 1.4.16
Release : 2.fc20
URL : http://www.gnupg.org/
Summary : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

Update Information:

What's New

* Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
as described by Genkin, Shamir, and Tromer.
See <http://www.cs.tau.ac.il/~tromer/acoustic/>.[CVE-2013-4576]

* Put only the major version number by default into armored output.

* Do not create a trustdb file if --trust-model=always is used.

* Print the keyid for key packets with --list-packets.

* Changed modular exponentiation algorithm to recover from a small performance
loss due to a change in 1.4.14.

Impact of the security problem

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks.The first attack allows to distinguish keys: An
attacker is able to notice which key is currently used for decryption.This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine.We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack
to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon.While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit.A 4096 bit RSA key used on a laptop can be revealed within an hour.

GnuPG 1.4.16 avoids this attack by employing RSA blinding during
decryption.GnuPG 2.x and current Gpg4win versions make use of Libgcrypt which employs RSA blinding anyway and are thus not vulnerable.

For the highly interesting research on acoustic cryptanalysis and the details of the attack see acoustic.


* Wed Dec 18 2013 Peter Robinson <pbrobinson@fedoraproject.org> 1.4.16-2
- New upstream v1.4.16
fixes for CVE-2013-4576

[ 1 ] Bug #1044402 - gnupg-1.4.16 is available

This update can be installed with the "yum" update program. Use
su -c 'yum update gnupg' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten