
Security: Two issues in libgcrypt
Name: Two issues in libgcrypt
ID: USN-3347-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04
Date: Mon, 3 July 2017, 23:25
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526
Applications: libgcrypt

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <06ecc497-effa-fe0b-6476-a331e58128fe@canonical.com>
Subject: [USN-3347-1] Libgcrypt vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3347-1
July 03, 2017

libgcrypt11, libgcrypt20 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Libgcrypt.

Software Description:
- libgcrypt20: LGPL Crypto library
- libgcrypt11: LGPL Crypto library

Details:

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and
Yuval Yarom discovered that Libgcrypt was susceptible to an attack via
side channels. A local attacker could use this attack to recover RSA
private keys. (CVE-2017-7526)

It was discovered that Libgcrypt was susceptible to an attack via
side channels. A local attacker could use this attack to possibly recover
EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu
16.10 and Ubuntu 17.04. (CVE-2017-9526)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libgcrypt20 1.7.6-1ubuntu0.1

Ubuntu 16.10:
libgcrypt20 1.7.2-2ubuntu1.1

Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.3

Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.5

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3347-1
CVE-2017-7526, CVE-2017-9526

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.2-2ubuntu1.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.3
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.5


