Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg-curl" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg-curl-dbgsym" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg-dbgsym" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg-udeb" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gnupg-udeb-dbgsym" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gpgv" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gpgv-dbgsym" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gpgv-udeb" }, { "binary_version": "1.4.16-1ubuntu2.6", "binary_name": "gpgv-udeb-dbgsym" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gnupg" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gnupg-curl" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gnupg-curl-dbgsym" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gnupg-dbg" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gnupg-dbgsym" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gpgv" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gpgv-dbgsym" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gpgv-udeb" }, { "binary_version": "1.4.20-1ubuntu3.3", "binary_name": "gpgv-udeb-dbgsym" } ] }