Several security issues were fixed in GnuPG.

==========================================================================
Ubuntu Security Notice USN-2554-1
April 01, 2015

gnupg, gnupg2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in GnuPG.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that GnuPG was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an attack via physical side channels. A local attacker
could use this attack to possibly recover private keys. (CVE-2015-0837)

Hanno Böck discovered that GnuPG incorrectly handled certain malformed
keyrings. If a user or automated system were tricked into opening a
malformed keyring, a remote attacker could use this issue to cause GnuPG
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-1606, CVE-2015-1607)

In addition, this update improves GnuPG security by validating that the
keys returned by keyservers match those requested.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  gnupg                           1.4.16-1.2ubuntu1.2
  gnupg2                          2.0.24-1ubuntu2.2

Ubuntu 14.04 LTS:
  gnupg                           1.4.16-1ubuntu2.3
  gnupg2                          2.0.22-3ubuntu1.3

Ubuntu 12.04 LTS:
  gnupg                           1.4.11-3ubuntu2.9
  gnupg2                          2.0.17-2ubuntu2.12.04.6

Ubuntu 10.04 LTS:
  gnupg                           1.4.10-2ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2554-1
  CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606,
  CVE-2015-1607

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1.2ubuntu1.2
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.24-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.3
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.9
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.6
  https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.8

A recent update for Ubuntu has resolved several security vulnerabilities in GnuPG, including problems related to key recovery and potential denial of service attacks.

GnuPG Issues, Key Recovery Risks, Ubuntu 14.10 Update.

Severity: Important
LinuxSecurity.com Team

Several security issues were fixed in Libgcrypt.

==========================================================================
Ubuntu Security Notice USN-2555-1
April 01, 2015

libgcrypt11, libgcrypt20 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Libgcrypt.

Software Description:
- libgcrypt11: LGPL Crypto library
- libgcrypt20: LGPL Crypto library

Details:

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that Libgcrypt was susceptible to an attack via physical side channels. A
local attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was
susceptible to an attack via physical side channels. A local attacker
could use this attack to possibly recover private keys. (CVE-2015-0837)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libgcrypt11                     1.5.4-2ubuntu1.1
  libgcrypt20                     1.6.1-2ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  libgcrypt11                     1.5.3-2ubuntu4.2

Ubuntu 12.04 LTS:
  libgcrypt11                     1.5.0-3ubuntu0.4

Ubuntu 10.04 LTS:
  libgcrypt11                     1.4.4-5ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2555-1
  CVE-2014-3591, CVE-2015-0837

Package Information:
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.4-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.1-2ubuntu1.14.10.1
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.2
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.4
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.4.4-5ubuntu2.4

Alert: Vulnerabilities found in Libgcrypt within Ubuntu systems. It's crucial to perform an update to safeguard against possible risks of key compromise.

Ubuntu Security, Libgcrypt Updates, Key Recovery Risks.

Severity: Important
LinuxSecurity.com Team
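
The update instructions in USN-2554-1 and USN-2555-1 both come down to comparing installed package versions against the fixed ones, which a plain string comparison gets wrong (for example "ubuntu4.10" sorts before "ubuntu4.2" as text). The following is an added example, not part of either notice: a Python check that applies Debian version ordering to a host inventory. The SAMPLE inventory and all function names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions listed in USN-2554-1 and USN-2555-1, keyed by Ubuntu release.
FIXED = {
    "14.10": {"gnupg": "1.4.16-1.2ubuntu1.2", "gnupg2": "2.0.24-1ubuntu2.2",
              "libgcrypt11": "1.5.4-2ubuntu1.1", "libgcrypt20": "1.6.1-2ubuntu1.14.10.1"},
    "14.04": {"gnupg": "1.4.16-1ubuntu2.3", "gnupg2": "2.0.22-3ubuntu1.3",
              "libgcrypt11": "1.5.3-2ubuntu4.2"},
    "12.04": {"gnupg": "1.4.11-3ubuntu2.9", "gnupg2": "2.0.17-2ubuntu2.12.04.6",
              "libgcrypt11": "1.5.0-3ubuntu0.4"},
    "10.04": {"gnupg": "1.4.10-2ubuntu1.8", "libgcrypt11": "1.4.4-5ubuntu2.4"},
}
# Constructed inventory for one Ubuntu 14.04 host (values are not from the notices).
SAMPLE = {"gnupg": "1.4.16-1ubuntu2.1", "gnupg2": "2.0.22-3ubuntu1.3",
          "libgcrypt11": "1.5.3-2ubuntu4.10"}

def _order(c):
    # dpkg ordering: '~' sorts before end of string, letters before other symbols.
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; digit runs compare numerically.
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        for j in range(max(len(na), len(nb))):
            d = _order(na[j:j + 1]) - _order(nb[j:j + 1])
            if d:
                return d
        n = int(da or 0) - int(db or 0)
        if n:
            return n
    return 0

def deb_cmp(a, b):
    # Returns <0, 0 or >0 for versions of the form [epoch:]upstream[-revision].
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, installed):
    # Packages in installed ({name: version}) still below the release's fixed version.
    fixed = FIXED[release]
    return sorted(p for p, v in installed.items() if p in fixed and deb_cmp(v, fixed[p]) < 0)
```

On a live host, `dpkg --compare-versions` performs the same ordering; the pure-Python version is useful when auditing an exported inventory offline.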