Preisgabe von Informationen in Libgcrypt (Aktualisierung)
ID: | USN-4236-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 16.04 LTS |
Datum: | Di, 14. Januar 2020, 15:34 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627 |
Applikationen: | libgcrypt |
Update von: | Preisgabe von Informationen in Libgcrypt |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3200534849207496882== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FU0VynUxwzp5KucEOWqgZH8TVCKLBwKOT" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FU0VynUxwzp5KucEOWqgZH8TVCKLBwKOT Content-Type: multipart/mixed; boundary="gAIcUqBSKoZWWXc9hwwr6UiKohltTVQGy" --gAIcUqBSKoZWWXc9hwwr6UiKohltTVQGy Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-4236-2 January 14, 2020 libgcrypt20 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Libgcrypt could be made to expose sensitive information. Software Description: - libgcrypt20: LGPL Crypto library Details: USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libgcrypt20 1.6.5-2ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4236-2 https://usn.ubuntu.com/4236-1 CVE-2019-13627 Package Information: https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.6 --gAIcUqBSKoZWWXc9hwwr6UiKohltTVQGy-- --FU0VynUxwzp5KucEOWqgZH8TVCKLBwKOT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl4dzO8ACgkQZWnYVadE vpMo0hAAtfW4jEVYuKS8HT4ueGlltL5ejmN73rDM9ChYF3sS8m71S/JhFtnQxphl gV0NAhulXFT7prVX4ZZYnCqMuoxsno4yvklqb0AUaUIj40JgDZDn2lWzUYs7Tb5c QGv1y7SxpYd9bp7iTV80ajKhb9PvzcuPkSTmT85wCmG3BMikePrqV6PbWEzQ4smh 8ef6l1IDoqEVGVMQrWL9oG5Oav0Taq/rNMwwuXurANT59nK4SnS5sklS90pQA8l1 2IWcaLd05lhv/TD3IOdMHrNj0wTr4LUQ2UyGVkm9u9wR5kWnQ9lY/KgFZHOu97xa C50fJDW+WP4KBimwNakuKLqugcU69PnwoK16rmphttBNxS5Uqw02/fdfU0IrGv5i t28JrSNNnhD9XBJMaifK7egVTm7xyWVQoqOVarUAzgW0jyvgGB/pEOQBQkZcMBDB UMo3c/rBGEbhqDa+dnpv/Zkw9TmgUw/bSNuKpH/7L6xnZ3M4CJypGe48Krf2kYzh SFqJvGvXDgCy241llcMLL6gaWxWv0mCqaNf0SfaSfb8ezQyB4OhfyjhJxVRG4kJR Za33Vi6bXdcJc7Jv5SOeMWlllkLmANRDkGDbxwlgIQQGdmz8qljIkRv7wTdktCnr lpwL04FrWNA/hl2dxdSP26AXmOyPFxx2GPWSGSYlYBnMWYB1qjs= =CSLr -----END PGP SIGNATURE----- --FU0VynUxwzp5KucEOWqgZH8TVCKLBwKOT-- --===============3200534849207496882== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK --===============3200534849207496882==-- |