Sicherheit: Preisgabe von Informationen in GnuPG

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6008026461655061417==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq
Content-Type: multipart/mixed;
boundary="udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <048abc7e-75e4-cb0f-88bc-151c0ab690f6@canonical.com>
Subject: [USN-3064-1] GnuPG vulnerability

--udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3064-1
August 18, 2016

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

GnuPG incorrectly generated random numbers.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement

Details:

Felix DÃ¶rre and Vladimir Klebanov discovered that GnuPG incorrectly handled
mixing functions in the random number generator. An attacker able to obtain
4640 bits from the RNG can trivially predict the next 160 bits of output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
gnupg 1.4.20-1ubuntu3.1

Ubuntu 14.04 LTS:
gnupg 1.4.16-1ubuntu2.4

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3064-1
CVE-2016-6313

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.4
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.10

--udH8lwA4LG2KkFwfxV2oveDWkG6xisi8o--

--TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJXtgnbAAoJEGVp2FWnRL6ThxoQAKUEnJ64Mktr7L+Nxp7UzxWz
xiaPUQv0ZsWgHpl9CtfE7tZMSr4SK8VMyLX2qY0hlx0O9osIMrXWHVOXrnOCAheX
3+7KvgT260RXril8iU+e4ZbJPuMEX7S+AU8acmXWqi0P1mBY+wAFwmIibrL8aK0R
4fnNFO95zD6ZrXyi6RAdbzFRrcCM7+nc4FlWVYJ1Wj2gujU71YMM6R2rEiFb+dPV
PpvCP3DajsiB9mzSP6g1mTf1Xkn1tukm9ETXmarFNajyeHOp4bNih5htL5vGW69U
50Ckfl3FC3KtIkyunQ0GVcXI8p0wSFs359c91RCQ/t/wjRG9meiIpq8pUtuBXGO6
1xdax2+ayazTbhyIB/n1dEgi0ORhlR1VDg1olJCXKc8qqkmiU9XdJrK5qtm0Tomj
UrMV9wL8Wy+gbNaSLWpYop/qX5nBg1W31yWvIA0k+PwmUMfY64XVNbRL9WfFq8X8
Vviwbh5MYZ/8B9C2AUKTveUO8S9QeYeRz1Z8gj+zVuHcaVKHQJIYA7KkXV+NC1L8
XBdffFgtuXyDLftng8HSecgVfL+5swuh4tOnHAZ44/MtcXSPUsfXLhvz38vFJ73b
BG2yWlkPq6ONEcCQt6k3RZh0rwGxjJBBlyoM8xnhrD9+CD8cX3OImlYYP0w6iQX1
Cjn2u+H797n8AadQEJDr
=qgg/
-----END PGP SIGNATURE-----

--TUT83PxcKWcnUqw7gN07PCS2RD67rNWcq--

--===============6008026461655061417==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6008026461655061417==--