drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in libgcrypt
Name: |
Preisgabe von Informationen in libgcrypt |
|
ID: |
USN-3065-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Do, 18. August 2016, 23:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313 |
|
Applikationen: |
libgcrypt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7400633308482629572== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR Content-Type: multipart/mixed; boundary="usnmOv67j8KUiWWItImRkvJFCbbeffWUS" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <f20935f3-eeb3-e607-61d8-038c2ebd5bb3@canonical.com> Subject: [USN-3065-1] Libgcrypt vulnerability
--usnmOv67j8KUiWWItImRkvJFCbbeffWUS Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3065-1 August 18, 2016
libgcrypt11, libgcrypt20 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Libgcrypt incorrectly generated random numbers.
Software Description: - libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library
Details:
Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libgcrypt20 1.6.5-2ubuntu0.2
Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.4
Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3065-1 CVE-2016-6313
Package Information: https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2 https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4 https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6
--usnmOv67j8KUiWWItImRkvJFCbbeffWUS--
--4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXtgnvAAoJEGVp2FWnRL6TBQ8P/RzR9Uf1O5gSo8S5vKZ2wJir cdFM+4bZK8Wx6nCET5gcrgaWXHlfeJAt9iAkZjVtt0XSVKuHJeuRWPHTHBZ1N9tu B+5I32pOmpcjgQIp0CIjT/OnDi3O8+wz0Q3/piy277SOtdMew5PlpdOsc7BrsC9d Gqf9btOp1zqHI3cx461vsjXjN5coYqhdPXKfEcVM1oGZRqV/rdwb+bQnfH0MxPIv sZW5ApOnHAtT/vDzPz+n/D1m51PdtDsbnFyvCDUHfAVPhK3Gt02xYZtzjuu3s3F9 Dp5l1RkOW385jj0/ALD4VCmTYfmLk8QtDMh0oCs5qawtogC9ComB+jS0OJfbZ4uL s7Y9o/E/lo20fLHM7MgKukqxymQXy3G7SM4E6SYmfiZghi6RE2T0tLon12CJf0EF cPGuYOqTGHnq0gyGjGJqKipcmMSOd2/nPLfh3nW2vbCY09HCDWrM/zU3/PCb3boh Mcdyo7qbQSgNeiZf32taIBkoCjdTfyvyWciJsLNh/qu0eYlUI9JA31x5ajMET9t8 /aTMl0bwHLYpmFg9TbMgA16cyxJpiOviCV1cqBOKmynx+aDDY29z8GH3ksbseC7p lI8OY8zlSMUQPnCpoKOWG8AJ1s4GzjFh50xjFwR8CYB0xSr+nYc9PuCqtMVn6bOk yzUv5lJl0gGv/w6mGtbd =A2cO -----END PGP SIGNATURE-----
--4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR--
--===============7400633308482629572== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7400633308482629572==--
|
|
|
|