-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUB1lXAAoJEGVp2FWnRL6TFEQQALCX9CkNdxf/Th95mi1cfYNM
lIGdGfMiJcWoTFhusdznQT6kKsT7mZwZrVHw+ziDSFnsvOi5yH41DqFSjdBDnP1h
UqDru0OdHUPavEO+dL317mK7bZ46yHzPSgS8jtDt+rcWd5FadYjfrQxPxZcgMB2H
9YZ5jy86E7kJPHy0JAedFk9aY2eEFW/1BNzFLlqgFFch3iRAUyH8AXU9/00DHBoN
yBDcaLAmXXt6MZzhfrHW6Ya4z6OXMlaQ67Dvq9eW1IS+nhLbmyd3ETpG4xACfOAh
MYwAdVlO3zUve5BncbPFQzPjKd9JRLk0LcO51kPhDtjpR0yZwS2WrOn1fzx6N80d
Ugl6S3yc62vdS6zV7OnohEc8yuBjrveHd1HNhldHydkBJLt+n//iT7KCzGwnFjCS
atPzRicFB4IrgUE9wseJ9jIs4TWTSGEBb2BU3C6pNjiCVplidfBP/EWZ2KIKX1i/
2GGfov/j3l1ZyanxO6p+wSi+35eWn1Cu86E6dr6JAhN1yUUTy8AbzVopPpSI/mla
ARTu1NeZv6/AV9jTif5qEidiMblHqlnlfSrEU7TQTraevJcBIgNOhm6bmQfCTl/3
7N9HoUF5XCfhUPBrpAAaxzABoiGgxJJ7nLuqDfj9Fi6XQwldJIe+Pp+kkbpuRExv
o07u/xxhgjLmPHWTNv+W
=EEKZ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2339-1
September 03, 2014
gnupg vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
GnuPG could expose sensitive information when performing decryption.
Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
Details:
Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an adaptive chosen ciphertext attack via physical side
channels. A local attacker could use this attack to possibly recover
private keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.7
Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2339-1
CVE-2014-5270
Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.7
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.7
No comments:
Post a Comment