Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 12.04 LTS USN-2339-1 Critical GnuPG Information Exposure

Calendar Sep 03, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory gnupg critical software update information exposure ubuntu decryption attack
GnuPG could expose sensitive information when performing decryption. 
=========================================================================Ubuntu Security Notice USN-2339-1
September 03, 2014

gnupg vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GnuPG could expose sensitive information when performing decryption.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement

Details:

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an adaptive chosen ciphertext attack via physical side
channels. A local attacker could use this attack to possibly recover
private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  gnupg                           1.4.11-3ubuntu2.7

Ubuntu 10.04 LTS:
  gnupg                           1.4.10-2ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2339-1
  CVE-2014-5270

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.7
  https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.7

Ubuntu 12.04 LTS USN-2339-1 Critical GnuPG Information Exposure

ubuntu
Calendar Grey September 3, 2014
Dist Ubuntu Esm H88
Critical data could be compromised owing to GnuPG weaknesses in certain Ubuntu releases. Patch promptly for protection!
GnuPG could expose sensitive information when performing decryption.

Summary

Topics%20covered

Topics Covered

security advisory gnupg critical software update information exposure ubuntu decryption attack

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: gnupg 1.4.11-3ubuntu2.7 Ubuntu 10.04 LTS: gnupg 1.4.10-2ubuntu1.7 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2339-1

CVE-2014-5270

Severity
critical
Lowest
Low
Medium
High
Critical

September 03, 2014

Topics%20covered

Topics Covered

security advisory gnupg critical software update information exposure ubuntu decryption attack

Package Information

https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.7 https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here