Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
87
security advisorycriticaldebianDebian 11: DSA-4988-1 Critical LibreOffice Digital Signature Issues
Two security issues have been discovered in LibreOffice's support for digital signatures in ODF documents, which could result in incorrect signature indicators/timestamps being presented. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4988-1
Oct 16, 2021
•Critical
Debian
172
security advisorynetwork securityUbuntuUbuntu 18.04 LTS Security Advisory USN-4233-2: GnuTLS SHA1 Update
USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround.. =========================================================================Ubuntu Security Notice USN-4233-2 January 23, 2020 gnutls28 update ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround. Software Description: - gnutls28: GNU TLS library Details: USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libgnutls30 3.5.18-1ubuntu1.3 Ubuntu 16.04 LTS: libgnutls30 3.4.10-4ubuntu1.7 In general, a standard system update will make all the necessary changes. References: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1860656 Package Information: https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.3 https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.7 . Learn about gnutls SHA1 status, its impact on Ubuntu, and workarounds for security vulnerabilities in the latest advisory.. GnuTLS Update, Ubuntu Security, SHA1 Untrusted, Network Security. . Severity: Important. LinuxSecurity.com Team
Jan 23, 2020
•Important
Ubuntu
172
security advisoryubuntugnutlsUbuntu 18.04 & 16.04 LTS: USN-4233-1 GnuTLS SHA1 Untrusted Directive
SHA1 has been marked as untrusted in GnuTLS.. =========================================================================Ubuntu Security Notice USN-4233-1 January 09, 2020 gnutls28 update ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: SHA1 has been marked as untrusted in GnuTLS. Software Description: - gnutls28: GNU TLS library Details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libgnutls30 3.5.18-1ubuntu1.2 Ubuntu 16.04 LTS: libgnutls30 3.4.10-4ubuntu1.6 In general, a standard system update will make all the necessary changes. References: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1858691 Package Information: https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.2 https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.6 . Recent updates in GnuTLS have rendered SHA1 as unreliable to bolster security measures. Discover ways to safeguard your Ubuntu system.. GnuTLS Update, Ubuntu Security Notice, Digital Signature Security. . Severity: Important. LinuxSecurity.com Team
Jan 09, 2020
•Important
Ubuntu
91
security advisorygentoognupgGentoo: GLSA-200602-10 Normal: GnuPG Incorrect Signature Verification
Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200602-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GnuPG: Incorrect signature verification Date: February 18, 2006 Bugs: #122721 ID: 200602-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified. Background ========= GnuPG (The GNU Privacy Guard) is a free replacement for PGP (Pretty Good Privacy). As GnuPG does not rely on any patented algorithms, it can be used without any restrictions. gpgv is the OpenPGP signature verification tool provided by the GnuPG system. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/gnupg < 1.4.2.1 > = 1.4.2.1 Description ========== Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be misled by malformed signatures. GnuPG documentation states that a return code of zero (0) indicates success, however gpg and gpgv may also return zero if no signature data was found in a detached signature file. Impact ===== An attacker may be able to bypass authentication in automated systems relying on the return code of gpg or gpgv to authenticate digital signatures. Workaround ========= There is noknown workaround at this time. Resolution ========= All GnuPG users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-crypt/gnupg-1.4.2.1" References ========= [ 1 ] GnuPG Security Announcement http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html [ 2 ] CVE-2006-0455 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200602-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Feb 18, 2006
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!