Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 18.04 LTS: USN-3853-1 Critical: GnuPG Remote Access Issue

ubuntu
Calendar Grey January 10, 2019
Dist Ubuntu Esm H88
GnuPG has announced a critical security advisory warning about remote access vulnerabilities. Ubuntu users should follow steps to secure their systems
GnuPG could allow unintended access to network services.

Summary

GnuPG could allow unintended access to network services.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory

lookups. A remote attacker could possibly use this issue to cause a denial

of service, or perform Cross-Site Request Forgery attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  gnupg                           2.2.8-3ubuntu1.1
  gpg-wks-client                  2.2.8-3ubuntu1.1

Ubuntu 18.04 LTS:
  gnupg                           2.2.4-1ubuntu1.2
  gpg-wks-client                  2.2.4-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3853-1

CVE-2018-1000858

Severity
critical
Lowest
Low
Medium
High
Critical

January 10, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here