drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libgcrypt
Name: |
Zwei Probleme in libgcrypt |
|
ID: |
USN-3347-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Mo, 3. Juli 2017, 23:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526 |
|
Applikationen: |
libgcrypt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8648627936772720347== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OAIt29eT9lx2R6K4MaL4RfK7Uc3e4rkc9"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OAIt29eT9lx2R6K4MaL4RfK7Uc3e4rkc9 Content-Type: multipart/mixed; boundary="w1cPAThCP8OoLutAMJ83wAsiqhmptteTs"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <06ecc497-effa-fe0b-6476-a331e58128fe@canonical.com> Subject: [USN-3347-1] Libgcrypt vulnerabilities
--w1cPAThCP8OoLutAMJ83wAsiqhmptteTs Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3347-1 July 03, 2017
libgcrypt11, libgcrypt20 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Libgcrypt.
Software Description: - libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library
Details:
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526)
It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-9526)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libgcrypt20 1.7.6-1ubuntu0.1
Ubuntu 16.10: libgcrypt20 1.7.2-2ubuntu1.1
Ubuntu 16.04 LTS: libgcrypt20 1.6.5-2ubuntu0.3
Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.5
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3347-1 CVE-2017-7526, CVE-2017-9526
Package Information: https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.2-2ubuntu1.1 https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.3 https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.5
--w1cPAThCP8OoLutAMJ83wAsiqhmptteTs--
--OAIt29eT9lx2R6K4MaL4RfK7Uc3e4rkc9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZWpROAAoJEGVp2FWnRL6TVakQAJqmz2zS4HAbf+d+yhceQvgV Z5n4mZgZHHMQUmC8uFDULYpln7PWwRM7JjyO4QkgSgg1XiPFzE769/oDZMJUvH2c XMKVrpI6jgsvAPt38dS9W2y8y/8vpWSsLI8UDT7UbNWX33nZUE+Zv14jtmEwo7gp AWXTJ/JDyv0xamLwQy+hqGfBhzVmCz07gpr5Olh5ACP3LqTRPqfm0utO3KtvzRNV klA/tEwFvFVuKAvWy6V9FXS3VDsItX5T9jfNVxKiN+d47EKqKHhmnWOFUMGOrlC8 mx4VkCtfSDZwwdHbUT3/v6pPXi3QM66r9uvK3rOrfWRePaV89AsMLio9GjkPwqod ajVmE8T/wRH0hamMew9CxOqYx2GTpNcluzETKW1sZOVHJU6JiRQelDm/E+qjUBcH oeKI51VzVcJPuKfbAr86CQWSVXkBN+/S+6lU19PKMT235mutKOIYI1t+YOOaEsJC 9o+HYO7+w5uIhHp19QnkzRalS3j8rlPx7NX82On00Pdhupwh60yIdYV4kviD8+uz O0q56gh+wLXtSJJ9Xy8TuF2r1kWJicgur3k1WcqKldfeVvZ+x627DAVmotK4er9y CoBtt6ubwJv6L6cyiSeb2n2cJTosusUQ8t+kvtsXywm0NLUN4Aqu/EQ6BUSKHY8r ML3hPe6x1pqY/Gse47yn =v7uR -----END PGP SIGNATURE-----
--OAIt29eT9lx2R6K4MaL4RfK7Uc3e4rkc9--
--===============8648627936772720347== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8648627936772720347==--
|
|
|
|