libgcrypt 1.6.4 implements a protection against key leakage with errors in the calculation of RSA signatures with the Chinese Remainder Theorem: https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000375.html It can be argued whether this is a vulnerability or "just" a hardening measurement. In a correctly working environment this is no security issue, it only becomes one if there is faulty hardware or other bugs in the software that cause miscalculations. A CVE has been requested on oss-security (but mitre may decide that it's not CVE-worthy). The background of this change is a very interesting research paper by Florian Weimer from Red Hat: https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
I'm tempted to call this security hardening rather than a vulnerability myself, although I agree the research paper is interesting. Just bumped package in tree and tested it successfully on my laptop for some common gnupg operations; but should give it some time in tree before stabilizing as usability/stability thrums this security issue/hardening matter. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dff004521fdfbbaff54cdba48f4bc0a51d402fb1
@crypto, 1.6.5 is current stable, but is 1.5.x affected by this?
(In reply to Aaron Bauman from comment #2) > @crypto, 1.6.5 is current stable, but is 1.5.x affected by this? 1.5 is EOL , removal is tracked in bug 567382
This issue was resolved and addressed in GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04 by GLSA coordinator Kristian Fiskerstrand (K_F).
