You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa gnupg i gnupg2

Sigurnosni nedostatak programskih paketa gnupg i gnupg2

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-2258-1
June 26, 2014

gnupg, gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

GnuPG could be made to hang if it processed a specially crafted message.

Software Description:
– gnupg: GNU privacy guard – a free PGP replacement
– gnupg2: GNU privacy guard – a free PGP replacement

Details:

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that
GnuPG incorrectly handled certain OpenPGP messages. If a user or automated
system were tricked into processing a specially-crafted message, GnuPG
could consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
gnupg 1.4.16-1ubuntu2.1
gnupg2 2.0.22-3ubuntu1.1

Ubuntu 13.10:
gnupg 1.4.14-1ubuntu2.2
gnupg2 2.0.20-1ubuntu3.1

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.6
gnupg2 2.0.17-2ubuntu2.12.04.4

Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.6
gnupg2 2.0.14-1ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2258-1
CVE-2014-4617

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.14-1ubuntu2.2
https://launchpad.net/ubuntu/+source/gnupg2/2.0.20-1ubuntu3.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.6
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.4
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.6
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.7

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTrGU0AAoJEGVp2FWnRL6TlDQQAI4VF3EnjRv2DN2qehJQdBRt
M3HlX77KSdsONrF6irpULnInCnjZYr6ayV4XgUfhQbzGCOeJ62LYCmOTOmQ9Cs5m
u4v99jm5IouNKUNYLc4qSSc3GULhmUhfxH3DlVnSDeN1UqLWjsaSPsd4KVl6Hgam
fcuX2RoK1yD5Zini9nbOxyRxdWfbv3KrbO/WMbruuiLyCuuVY/5cJQ666xGfpBBq
hpNwlxdwdkrnKhVrDw8tGApUU3Qvvy3LYMrCSWZpMOt2mbmfEK+pPNIGQ6F2SQyb
jqk8dVYNROnf2jqCDAXj7QYL487QqHKXRKaavssdt1kdNw9l+/TvShIiZuWvckXA
GnhKOxENUPnF3x1+YFFPhw8S8+lDDQ7qkKXpaOFQHwfDgwtn0McQGZqPhpiVzAdN
BKKannZHMwg/hFnM2V7Nikdi2KOWpJuJuiCwS9VWRT2TSSkF2Ux4y3/dNVOCTqUK
WXucKOXAeheRp8Hh3dQpm7CPCoqtHrmwTksTy8rSdBB5sHoKyIlAANmF/cUHn+RS
jZjPvhN1D8cNIUJzO+MJWzvEBTrYyHP6/USR5RCTRnQn3cumsG/jy5Fqvdp4BWlK
SSrOVAOI7EnkHIU3/W88qw7VjNHZTZ0sZkWCnXj9Jt209zsAZFggcW0hVIgGRC++
bFV24fsK7QC43gx6HhqO
=H2ch
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci u radu jezgre opearcijskog sustava Red Hat Enterprise Linux 7. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje...

Close