Nacionalni CERT

Security vulnerability in the libgcrypt library

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-8cd171f540
2017-11-14 07:50:36.153597
--------------------------------------------------------------------------------

Name        : libgcrypt
Product     : Fedora 25
Version     : 1.7.9
Release     : 1.fc25
URL         : http://www.gnupg.org/
Summary     : A general-purpose cryptography library
Description :
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This is a development version.

--------------------------------------------------------------------------------
Update Information:

Minor security update release 1.7.9.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1485921 - CVE-2017-0379 libgcrypt: Missing input validation for X25519 curve
        https://bugzilla.redhat.com/show_bug.cgi?id=1485921
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libgcrypt' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
A security vulnerability has been discovered in the libgcrypt library for Fedora. The flaw is caused by improper handling of input parameters for the Curve25519 curve, which makes it easier for potential attackers to discover a secret key; it relates to the files cipher/ecc.c and mpi/ec.c. Applying the released patches is advised.