You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gnupg2

Sigurnosni nedostatak programskog paketa gnupg2

==========================================================================
Ubuntu Security Notice USN-4516-1
September 17, 2020

gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

GnuPG could be made to expose sensitive information.

Software Description:
– gnupg2: GNU privacy guard – a free PGP replacement

Details:

It was discovered that GnuPG signatures could be forged when the SHA-1
algorithm is being used. This update removes validating signatures based on
SHA-1 that were generated after 2019-01-19. In environments where this is
still required, a new option –allow-weak-key-signatures can be used to
revert this behaviour.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
gnupg 2.2.4-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4516-1
CVE-2019-14855

Package Information:
https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9jsqgACgkQZWnYVadE
vpNHKw/7B+0I15tg1KTXC9b515KQWmSe8nZgqAXfwx4YboZZmkwxhOKZ1o/66UPg
AlanvSj96E677XrzLes1rBkvqATIIEDGjwVN4zmWzoGMAS+KaHG1Wd6bsfIKPL7L
K53OqUxWQYB4Hxq/EjGQQmzx9Vq/AmJcXBTVlwEJCEXboWG5sIjXk+iee+YtmADC
WsOsYCn0rYCyWzfv7LoEvW5rmcYDg6+kgaGtNkNbQOeYgzb7Lp8GQ1qhtoS9IoGY
EV+Wc4ecxOSTpw3v3FJrMC9A3n2tvTlMz+y/Ao0Pm9MpDeCpw6Iz/ahdg+oiIAO1
JJL27iwgwS6ciqZHVq7L9z4elkRkDvLafTjWIZNwjrpqTlhdXdd87NvB84xo2j5t
xBxO55NyG/PCGBpamwAttumqti+YIjwZqqMTVrRVJ6KnTTWZSey6x4Lv7FHFmNPX
l0IDPQSEse++VINWl7b/9Rp1/A6dD7y36UzrpcyGsf9yUuJdLl91bCUF171Thvuq
dZ7gKNAMF3tQlpD2ccZH2RIdEyPIu0RNiTJtqtdaMBpfLLaFWBGAfxZW86Z5RZHU
SMYrcWs6fTemwt2agbJuf93TP+mZF53gEn4pIGhYf76xyrtT+qd0g1KjHA+vxmqF
qOqNPus6huU3E7BOM5kan+TJdWRjF06QglCp8IczCuh5SP38mng=
=WLxB
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa pure-ftpd

Otkriven je sigurnosni nedostatak u programskom paketu pure-ftpd za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close