Explore top 10 tips to secure your open-source projects now. Read More
×
GnuPG could be made to expose sensitive information.
Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
Details:
USN-3733-1 fixed a vulnerability in GnuPG. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal,
and Yuval Yarom discovered that GnuPG is vulnerable to a cache side- channel attack. A local attacker could use this attack to recover RSA
private keys.
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: gnupg 1.4.11-3ubuntu2.12 gnupg-curl 1.4.11-3ubuntu2.12 gpgv 1.4.11-3ubuntu2.12 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3733-2
https://ubuntu.com/security/notices/USN-3733-1
CVE-2017-7526
Get the latest Linux and open source security news straight to your inbox.