gnupg: CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in git://git.gnupg.org/libgcrypt.git Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com>
author: Kai Kang <kai.kang@windriver.com> 2014-10-15 15:16:31 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-18 16:12:56 +0200
commit: d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c (patch)
tree: 00a18f11b0cd62b1b0671356422ac6e0c7b56ed3 /meta/recipes-support/gnupg/gnupg_1.4.7.bb
parent: b145374c0a498de0160a9b81f50ce0066ab14862 (diff)
download: openembedded-core-contrib-d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index ddcc2c24fe..7be56fd7b5 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
            file://curl_typeof_fix_backport.patch \
            file://CVE-2013-4351.patch \
            file://CVE-2013-4576.patch \
+           file://CVE-2013-4242.patch \
 	  "
 
 SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
author	Kai Kang <kai.kang@windriver.com>	2014-10-15 15:16:31 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-10-18 16:12:56 +0200
commit	d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c (patch)
tree	00a18f11b0cd62b1b0671356422ac6e0c7b56ed3 /meta/recipes-support/gnupg/gnupg_1.4.7.bb
parent	b145374c0a498de0160a9b81f50ce0066ab14862 (diff)
download	openembedded-core-contrib-d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c.tar.gz