Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31892
HistoryApr 09, 2015 - 12:00 a.m.

[USN-2554-1] GnuPG vulnerabilities

2015-04-0900:00:00
vulners.com
11
JSON

==========================================================================
Ubuntu Security Notice USN-2554-1
April 01, 2015

gnupg, gnupg2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in GnuPG.

Software Description:

  • gnupg: GNU privacy guard - a free PGP replacement
  • gnupg2: GNU privacy guard - a free PGP replacement

Details:

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that GnuPG was susceptible to an attack via physical side channels. A local
attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)

Hanno Bock discovered that GnuPG incorrectly handled certain malformed
keyrings. If a user or automated system were tricked into opening a
malformed keyring, a remote attacker could use this issue to cause GnuPG to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-1606, CVE-2015-1607)

In addition, this update improves GnuPG security by validating that the
keys returned by keyservers match those requested.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
gnupg 1.4.16-1.2ubuntu1.2
gnupg2 2.0.24-1ubuntu2.2

Ubuntu 14.04 LTS:
gnupg 1.4.16-1ubuntu2.3
gnupg2 2.0.22-3ubuntu1.3

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.9
gnupg2 2.0.17-2ubuntu2.12.04.6

Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2554-1
CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606,
CVE-2015-1607

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1.2ubuntu1.2
https://launchpad.net/ubuntu/+source/gnupg2/2.0.24-1ubuntu2.2
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.3
https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.3
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.9
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.6
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.8

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

nessus 53
openvas 36
ubuntu 4
securityvulns 4
debian 9
osv 8
amazon 2
mageia 5
fedora 7
slackware 1
gentoo 3
prion 5
debiancve 5
ubuntucve 5
cve 6
veracode 1
rosalinux 1
ibm 1
nessus
nessus
Ubuntu 14.04 LTS : GnuPG vulnerabilities (USN-2554-1)
2015-04-02 00:00:00
Debian DLA-175-1 : gnupg security update
2015-03-26 00:00:00
Debian DSA-3184-1 : gnupg - security update
2015-03-13 00:00:00
openvas
openvas
Ubuntu Update for gnupg USN-2554-1
2015-04-02 00:00:00
Debian Security Advisory DSA 3184-1 (gnupg - security update)
2015-03-12 00:00:00
Univention Corporate Server 4.0 erratum 137
2015-04-09 00:00:00
ubuntu
ubuntu
GnuPG vulnerabilities
2015-04-01 00:00:00
Libgcrypt vulnerabilities
2015-04-01 00:00:00
Libgcrypt vulnerability
2014-09-03 00:00:00
securityvulns
securityvulns
GnuPG / libgcrypt multiple security vulnerabilities
2015-04-09 00:00:00
[SECURITY] [DSA 3184-1] gnupg security update
2015-03-15 00:00:00
[USN-2339-1] GnuPG vulnerability
2014-09-15 00:00:00
debian
debian
[SECURITY] [DLA 175-1] gnupg security update
2015-03-17 15:35:28
[SECURITY] [DSA 3184-1] gnupg security update
2015-03-12 17:50:45
[SECURITY] [DLA 190-1] libgcrypt11 security update
2015-04-09 10:44:31
osv
osv
gnupg - security update
2015-03-12 00:00:00
gnupg - security update
2015-03-17 00:00:00
libgcrypt11 - security update
2015-03-12 00:00:00
amazon
amazon
Medium: libgcrypt
2015-08-04 17:43:00
Low: gnupg2
2015-07-28 11:35:00
mageia
mageia
Updated gnupg packages fix security vulnerabilities
2015-09-14 00:58:30
Updated gnupg and libgcrypt packages fix security vulnerabilities
2015-03-10 19:48:25
Updated libgcrypt packages fix CVE-2014-5270
2014-09-05 13:07:37
fedora
fedora
[SECURITY] Fedora 21 Update: gnupg-1.4.19-1.fc21
2015-03-06 06:58:13
[SECURITY] Fedora 22 Update: mingw-libgcrypt-1.6.3-1.fc22
2015-05-01 16:50:20
[SECURITY] Fedora 21 Update: libgcrypt-1.6.3-1.fc21
2015-03-18 10:23:58
slackware
slackware
[slackware-security] gnupg
2015-04-22 01:20:04
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2016-06-05 00:00:00
libgcrypt: Multiple vulnerabilities
2016-10-10 00:00:00
Libgcrypt: Side-channel attack
2014-08-29 00:00:00
prion
prion
Design/Logic Flaw
2019-11-20 19:15:00
Design/Logic Flaw
2019-11-20 19:15:00
Code injection
2019-11-29 22:15:00
debiancve
debiancve
CVE-2015-1607
2019-11-20 19:15:00
CVE-2015-1606
2019-11-20 19:15:00
CVE-2014-3591
2019-11-29 22:15:00
ubuntucve
ubuntucve
CVE-2015-1607
2015-02-16 00:00:00
CVE-2015-1606
2015-02-16 00:00:00
CVE-2014-3591
2014-12-31 00:00:00
cve
cve
CVE-2015-1606
2019-11-20 19:15:00
CVE-2015-1607
2019-11-20 19:15:00
CVE-2014-3591
2019-11-29 22:15:00
veracode
veracode
Side Channel Attack
2019-12-04 06:58:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SECURITYVULNS:DOC:31892
nessus53openvas36ubuntu4securityvulns4debian9osv8amazon2mageia5fedora7slackware1gentoo3prion5debiancve5ubuntucve5cve6veracode1rosalinux1ibm1