drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in GnuPG
Name: |
Preisgabe von Informationen in GnuPG |
|
ID: |
USN-3064-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Do, 18. August 2016, 23:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313 |
|
Applikationen: |
The GNU Privacy Guard |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6008026461655061417== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq Content-Type: multipart/mixed; boundary="udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <048abc7e-75e4-cb0f-88bc-151c0ab690f6@canonical.com> Subject: [USN-3064-1] GnuPG vulnerability
--udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3064-1 August 18, 2016
gnupg vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
GnuPG incorrectly generated random numbers.
Software Description: - gnupg: GNU privacy guard - a free PGP replacement
Details:
Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: gnupg 1.4.20-1ubuntu3.1
Ubuntu 14.04 LTS: gnupg 1.4.16-1ubuntu2.4
Ubuntu 12.04 LTS: gnupg 1.4.11-3ubuntu2.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3064-1 CVE-2016-6313
Package Information: https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.1 https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.4 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.10
--udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o--
--TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXtgnbAAoJEGVp2FWnRL6ThxoQAKUEnJ64Mktr7L+Nxp7UzxWz xiaPUQv0ZsWgHpl9CtfE7tZMSr4SK8VMyLX2qY0hlx0O9osIMrXWHVOXrnOCAheX 3+7KvgT260RXril8iU+e4ZbJPuMEX7S+AU8acmXWqi0P1mBY+wAFwmIibrL8aK0R 4fnNFO95zD6ZrXyi6RAdbzFRrcCM7+nc4FlWVYJ1Wj2gujU71YMM6R2rEiFb+dPV PpvCP3DajsiB9mzSP6g1mTf1Xkn1tukm9ETXmarFNajyeHOp4bNih5htL5vGW69U 50Ckfl3FC3KtIkyunQ0GVcXI8p0wSFs359c91RCQ/t/wjRG9meiIpq8pUtuBXGO6 1xdax2+ayazTbhyIB/n1dEgi0ORhlR1VDg1olJCXKc8qqkmiU9XdJrK5qtm0Tomj UrMV9wL8Wy+gbNaSLWpYop/qX5nBg1W31yWvIA0k+PwmUMfY64XVNbRL9WfFq8X8 Vviwbh5MYZ/8B9C2AUKTveUO8S9QeYeRz1Z8gj+zVuHcaVKHQJIYA7KkXV+NC1L8 XBdffFgtuXyDLftng8HSecgVfL+5swuh4tOnHAZ44/MtcXSPUsfXLhvz38vFJ73b BG2yWlkPq6ONEcCQt6k3RZh0rwGxjJBBlyoM8xnhrD9+CD8cX3OImlYYP0w6iQX1 Cjn2u+H797n8AadQEJDr =qgg/ -----END PGP SIGNATURE-----
--TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq--
--===============6008026461655061417== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6008026461655061417==--
|
|
|
|