You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa gnupg i libgcrypt11

Sigurnosni nedostatak programskih paketa gnupg i libgcrypt11

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2339-1
September 03, 2014

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

GnuPG could expose sensitive information when performing decryption.

Software Description:
– gnupg: GNU privacy guard – a free PGP replacement

Details:

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an adaptive chosen ciphertext attack via physical side
channels. A local attacker could use this attack to possibly recover
private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.7

Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2339-1
CVE-2014-5270

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.7
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.7

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUB1lXAAoJEGVp2FWnRL6TFEQQALCX9CkNdxf/Th95mi1cfYNM
lIGdGfMiJcWoTFhusdznQT6kKsT7mZwZrVHw+ziDSFnsvOi5yH41DqFSjdBDnP1h
UqDru0OdHUPavEO+dL317mK7bZ46yHzPSgS8jtDt+rcWd5FadYjfrQxPxZcgMB2H
9YZ5jy86E7kJPHy0JAedFk9aY2eEFW/1BNzFLlqgFFch3iRAUyH8AXU9/00DHBoN
yBDcaLAmXXt6MZzhfrHW6Ya4z6OXMlaQ67Dvq9eW1IS+nhLbmyd3ETpG4xACfOAh
MYwAdVlO3zUve5BncbPFQzPjKd9JRLk0LcO51kPhDtjpR0yZwS2WrOn1fzx6N80d
Ugl6S3yc62vdS6zV7OnohEc8yuBjrveHd1HNhldHydkBJLt+n//iT7KCzGwnFjCS
atPzRicFB4IrgUE9wseJ9jIs4TWTSGEBb2BU3C6pNjiCVplidfBP/EWZ2KIKX1i/
2GGfov/j3l1ZyanxO6p+wSi+35eWn1Cu86E6dr6JAhN1yUUTy8AbzVopPpSI/mla
ARTu1NeZv6/AV9jTif5qEidiMblHqlnlfSrEU7TQTraevJcBIgNOhm6bmQfCTl/3
7N9HoUF5XCfhUPBrpAAaxzABoiGgxJJ7nLuqDfj9Fi6XQwldJIe+Pp+kkbpuRExv
o07u/xxhgjLmPHWTNv+W
=EEKZ
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2339-2
September 03, 2014

libgcrypt11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Libgcrypt could expose sensitive information when performing decryption.

Software Description:
– libgcrypt11: LGPL Crypto library

Details:

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was
susceptible to an adaptive chosen ciphertext attack via physical side
channels. A local attacker could use this attack to possibly recover
private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.1

Ubuntu 12.04 LTS:
libgcrypt11 1.5.0-3ubuntu0.3

Ubuntu 10.04 LTS:
libgcrypt11 1.4.4-5ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2339-2
http://www.ubuntu.com/usn/usn-2339-1
CVE-2014-5270

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.1
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.3
https://launchpad.net/ubuntu/+source/libgcrypt11/1.4.4-5ubuntu2.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUB1ltAAoJEGVp2FWnRL6TcWEP/jgaW1+UiecFa500MeICm3a4
RcRGY7LUXUCoik94rU04Q40ydjq8k3L1Qqehwj9aBTnv1gD512xa/n5RD7Yaq3o6
peaXf1WEOKwclhV5coCmgLYHOwxjKN1QtFw2Zd8nlGV25eH6zE5pucO9ZxOO5nVy
YqYwZIq5dyRxtd2jq+sZDmAXpMYqDGge9DYPb2aB81JZser1aAaChR+a+9yNtEPb
IxFA9uv6sK7/V4fHHeNFJ0pQREH6sYrnKyvEX0vds00+loU/Dcjhd092M3YLvH5l
thVC//OLXXVm+nt62Zlq+lGs/l221YGqno8qTHYd1maRNUGIQO+Auzpth90K+ldP
SsD0BfSn5MBlkOfDoQgzqhZdCbAM1+nCo5icfjbHcEFE4EtBJULEk7R191yp+Hqb
0slO4VRgc7HkzUY3xWNznILxCxBMvjfb4mnhUOeZKA1cssfCnXoFX313/oKbgb9Y
V7gomUrV1dAHuSln3YMknMV5W7GBJ07GZ0158m2BLIUrB1Qi3A3bQHTVWHuIhj7y
EBaCj6IepuwD03S9Xap93AkRBxXXbwarpsQss95VkVXVv2EMzQDuCRrRsyt/YsJp
UyVssZFW0fa6/fDlUBqY1xOx5RwFUpOUkR+FwKAwudu1Z1iuzoSJKqJtcElGCVtO
p6PFSvclblqiPqqx4Mt8
=F9IR
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-09-0004-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa iceweasel

Otkriveni su sigurnosni nedostaci u programskom paketu iceweasel. Otkriveni nedostaci posljedica su neispravnog rada s memorijom. Potencijalnim napadačima omogućuju izvođenje...

Close