Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Libgcrypt (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Libgcrypt (Aktualisierung)
ID: USN-4236-3
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 ESM, Ubuntu 14.04 ESM
Datum: Di, 28. Januar 2020, 22:39
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627
Applikationen: libgcrypt
Update von: Preisgabe von Informationen in Libgcrypt

Originalnachricht


--===============4511099534542888933==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="/NkBOFFp2J2Af1nK"
Content-Disposition: inline


--/NkBOFFp2J2Af1nK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4236-3
January 28, 2020

libgcrypt11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Libgcrypt could be made to expose sensitive information.

Software Description:
- libgcrypt11: LGPL Crypto library

Details:

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Libgcrypt was susceptible to a ECDSA timing attack.
An attacker could possibly use this attack to recover sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libgcrypt11 1.5.3-2ubuntu4.6+esm1

Ubuntu 12.04 ESM:
libgcrypt11 1.5.0-3ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4236-3
https://usn.ubuntu.com/4236-1
CVE-2019-13627

--/NkBOFFp2J2Af1nK
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl4wcJ0ACgkQRbznW4QL
H2n4mw/+JfaxEpOtC05gAGEqvtKRMj1wLDoHqmF1fYVDCItM+Wms+1egDY87LXsY
rJ6P/fP0F6r/VKtWpIQB8YJzorfq6z0tUmjmUfx1VftebMmTKqKq51IfWiFnPSLj
iirG5yVk1kKyB9xOe4AiGa0GhbAAKJbO/mMu08zy9OotNqBk6Jky6gy7OjwTUfY2
PsjRFMktLE3O5dus0hcJOjjITtFDcBRrg+Z9dQwWUx2E90cpa4ffytnMJ26EFadf
1mhLN81leqXiiw9/xgBGKYem2NVa6feD7VPvHhCDmvlX/F2dgOz0qvOp2g3dcwOj
KkS16/L7559FwHF2HaxnhwpLBZq0ufErwfhsOc74vRstUEsof0DHPxnNArkXPLAD
a8VJ/6UMxC+FfS3HQkivP/TyutI5ad9bEdJ35ytyxe/lyulO7xIMJrW8wAbvz+hq
vngVi0H/JlA0aSAo2elN53rfjDfogV24x1OSGxCWdTPVZX1aWlZPNkvG7GP+m2de
r4XLqbYCUvAzGjixRtwC7A37dXtFCJy+AxY5wgf+cxa93fMMAkl68rig9l/HUerw
b0th3zTskLdxfwM0qHPcpBGP0ThpcGWtmxlvmcGpxJLqt/f9pl9rxzPKjxU7nT89
/IdRdcuz6tlcMvFgAMvm9lERvIpklGXc+Pr69nMQH6bY4pKbfwg=
=OBbC
-----END PGP SIGNATURE-----

--/NkBOFFp2J2Af1nK--


--===============4511099534542888933==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung