{"id":"MGASA-2015-0104","summary":"Updated gnupg and libgcrypt packages fix security vulnerabilities","details":"GnuPG before 1.4.19 is vulnerable to a side-channel attack which can\npotentially lead to an information leak (CVE-2014-3591).\n\nGnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent\ntiming variations in modular exponentiation, which can potentially lead to an\ninformation leak (CVE-2015-0837).\n\nThe gnupg package has been patched to correct these issues.\n\nGnuPG2 is vulnerable to these issues through the libgcrypt library.  The\nissues were fixed in libgcrypt 1.6.3.  The libgcrypt package in Mageia,\nat version 1.5.4, was only vulnerable to the CVE-2014-3591 issue.  It has\nalso been patched to correct this issue.\n","modified":"2026-01-30T15:35:53.698427Z","published":"2015-03-10T16:48:25Z","related":["CVE-2014-3591","CVE-2015-0837"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0104.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15441"},{"type":"REPORT","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150931.html"}],"affected":[{"package":{"name":"gnupg","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/gnupg?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.16-1.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0104.json"}},{"package":{"name":"libgcrypt","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libgcrypt?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0104.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}