Debian Security Advisory
DLA-1080-1 gnupg -- LTS security update
- Date Reported:
- 31 Aug 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-7526.
- More information:
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack allowing full key recovery for RSA-1024.
See https://eprint.iacr.org/2017/627 for details.
For Debian 7
Wheezy, these problems have been fixed in version 1.4.12-7+deb7u9.
We recommend that you upgrade your gnupg packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS