You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gnupg

Sigurnosni nedostatak programskog paketa gnupg

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

==========================================================================
Ubuntu Security Notice USN-3733-1
August 07, 2018

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– – Ubuntu 16.04 LTS
– – Ubuntu 14.04 LTS

Summary:

GnuPG could be made to expose sensitive information.

Software Description:
– – gnupg: GNU privacy guard – a free PGP replacement

Details:

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink,
Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom
discovered that GnuPG is vulnerable to a cache side-channel attack. A local
attacker could use this attack to recover RSA private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
gnupg 1.4.20-1ubuntu3.3
gnupg-curl 1.4.20-1ubuntu3.3
gpgv 1.4.20-1ubuntu3.3

Ubuntu 14.04 LTS:
gnupg 1.4.16-1ubuntu2.6
gnupg-curl 1.4.16-1ubuntu2.6
gpgv 1.4.16-1ubuntu2.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3733-1
CVE-2017-7526, https://launchpad.net/bugs/1785176

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.3
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.6

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEEiOlTC8vdwgBRe16w9JjS2d59rZwFAltpWFIACgkQ9JjS2d59
rZyPrQf/VPt2TDffx0VcATRASWbufWwfCoLqi1WctpRX4AEACWX1Y9yv3BVhql/X
KFMfULBhtNh5D41o7H1SHUhQPdxSYStt/0meXeU90ufgmdw5xacNTTUvQtDbMp+P
OZj7dm/zer8WYbgqHGWWLcuu6gL5TQ+6Bqlxn6VnfZunUXSEL+EXWOQgSflgBae0
78pixw2AfBy82kB+PFcG8JkX9P4JGSjE3iJhXOer6RbiAAIhQ4VAM8NXHvENK3Ru
aHzu/NrEAHIlZGwYiwOCl7gFZn2X+BWJAVBEzNUSqu+p4+ZhZON127dtIo0Ni62J
wZltX5i0XZQrHOxzukbimZsiv+aM/g==
=X0Hg
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava FreeBSD. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close