You are here
Home > Preporuke > Sigurnosni propust programskog paketa gpgme1.0

Sigurnosni propust programskog paketa gpgme1.0

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2307-1
August 06, 2014

gpgme1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

GPGME could be made to crash or run programs as your login if it processed
a specially crafted certificate.

Software Description:
– gpgme1.0: GPGME – GnuPG Made Easy (library)

Details:

Tomáš Trnka discovered that GPGME incorrectly handled certain certificate
line lengths. An attacker could use this issue to cause applications using
GPGME to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libgpgme11 1.4.3-0.1ubuntu5.1

Ubuntu 12.04 LTS:
libgpgme11 1.2.0-1.4ubuntu2.1

Ubuntu 10.04 LTS:
libgpgme11 1.2.0-1.2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2307-1
CVE-2014-3564

Package Information:
https://launchpad.net/ubuntu/+source/gpgme1.0/1.4.3-0.1ubuntu5.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.4ubuntu2.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.2ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJT4i7tAAoJEGVp2FWnRL6T8zoP+wRiHxeasx3NSC92Z4/9Zemh
ddejOAGIN0eAWaiX4+BUAt0JZiB9u/RU0frG0cj2ssbBHIJP6HPBoGtIUXTBd8I9
MQwNzsDQbi+E/tDc82V7xasOHqJSppbUAr8gm8JAr5z5wkMxGPB9pw4HIVASGX0r
7wP/cM2qS6mW/+EqB1zOCC0s+GQU/jKHnO6Wtqt/I/DP9r3rPl7wmS/W1QnWBkM2
oI1rC1unpOVjcM6CWMlNY/tlLyGRncX0DXsFBm7fh2pIY5sEvdz9GUMsyl6urdpQ
fhpe5DfgwUKdFrttc8yOBKxCjN3d6X7X4GlAhj7g9SgwmE6okzjbCKjLqf3DpJQb
h+XNkz9eqF93HMvnAf6pw1tKKqxsQDn95yVl5EyQoAMD4voQGuy9UF3MxfNQTA1M
g5jj6Yb6a+elJjVu8NVPn7bDGpLSBskBZbN4MnnVc2mS8mPrFAKvYbpjOT+NHqfA
xsgD3SteEfOf6PC/IxvAbAKOed15EQrQLgOAV6PN7ZwZVFPxeRn5uU9l91gY8u2O
nisU7piLW/boMP1PVPawmdlYXwZJOQ4/n4K9BSLkpW7qVAK9lU9PcQFi570jqs5t
s1I9nZIiXT1VRvG0AzdU5ilFpu4MxMR7J7XXjN3Mc5VKC1UtnWyTaALitfFuOfBg
Co6lCMG7I9vSJSX5vGjL
=088u
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-08-0001-ADV
CveCVE-2014-3564
ID izvornikaUSN-2307-1
Proizvodgpgme1.0
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Ranjivost programskog paketa tor

Otkrivena je ranjivost u inačici paketa tor starijoj od 0.2.4.23. Ranjivost se očitovala zadržavanjem mrežne putanje (circuit) po primitku ulazne...

Close