Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys.
{ "availability": "No subscription required", "binaries": [ { "gnupg-curl": "1.4.16-1ubuntu2.6", "gnupg-udeb": "1.4.16-1ubuntu2.6", "gnupg-udeb-dbgsym": "1.4.16-1ubuntu2.6", "gnupg-dbgsym": "1.4.16-1ubuntu2.6", "gnupg": "1.4.16-1ubuntu2.6", "gpgv": "1.4.16-1ubuntu2.6", "gnupg-curl-dbgsym": "1.4.16-1ubuntu2.6", "gpgv-udeb-dbgsym": "1.4.16-1ubuntu2.6", "gpgv-dbgsym": "1.4.16-1ubuntu2.6", "gpgv-udeb": "1.4.16-1ubuntu2.6" } ] }
{ "availability": "No subscription required", "binaries": [ { "gnupg-curl": "1.4.20-1ubuntu3.3", "gpgv-dbgsym": "1.4.20-1ubuntu3.3", "gnupg-dbgsym": "1.4.20-1ubuntu3.3", "gnupg": "1.4.20-1ubuntu3.3", "gpgv": "1.4.20-1ubuntu3.3", "gnupg-curl-dbgsym": "1.4.20-1ubuntu3.3", "gpgv-udeb-dbgsym": "1.4.20-1ubuntu3.3", "gnupg-dbg": "1.4.20-1ubuntu3.3", "gpgv-udeb": "1.4.20-1ubuntu3.3" } ] }