You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libgcrypt20

Sigurnosni nedostatak programske biblioteke libgcrypt20

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3417-1
September 14, 2017

libgcrypt20 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04

Summary:

Libgcrypt could be made to expose sensitive information.

Software Description:
– libgcrypt20: LGPL Crypto library

Details:

Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was
susceptible to an attack via side channels. A local attacker could use this
attack to recover Curve25519 private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libgcrypt20 1.7.6-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3417-1
CVE-2017-0379

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.6-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZurbMAAoJEGVp2FWnRL6TTxwP/A36GvSByonhO4fegbqWa8AH
d3eGkA3hEcSoaz2kvqWjdROd85AHm20Kl1BIgez2r8YunvtZLe0S9KodfU+nTEvr
fcJ4D72lTesxvmjWVUlHtMkiMym7tCTRcdCtsHoSIptHb4IFaeXE8z+yDOb3isyC
pYC0jAy0pR//tRKq//sjwBxKpLZGVLMIsYGLhFf78O6K1ftRvSQP6RuimZ/4AYbK
PqOBue+1GSgmzpnHNzYLK3/u1os6IHlGQNd87qcGcUk95jKy9dLzllTVJB/cRSq9
olXIxuZbkz26p69cf4029+DBFRoYmocIPq0kaG1mY4feTgm8vLCg2qbNpxKlt+ns
m6Zbf6X2LIKji4OI9S9MkH/0Ou6gDPfsTXdPkN31hSI12njU//6PdRSNB9ANWiZd
N+MtjEbIToY+vvlDC/qYwXqHD/oOuiEhXXe0+DRFTizHeVWWGITaWHJ8Zsl8LbYq
aEoqGXE0MwSx3BZ8YLK0sWghKOY0q4FuCkyQT7DACVw0lLfnZt/EuOu+dU9nI7PG
wk/DERarnpWUUkIOKmfcDfavuykDKLvnhdr5f8Y5FLTpDkIUJFPW3675YswMOBfE
0eFhyMHwtcyQSgkGK6hjhPg06XBhGZ/yrGd2OQYVyV6ElEN67cCqWualG32Hn8Zn
mHojzPyyrJZBv4I4BkFu
=txcu
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava SUSE. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvođenje napada uskraćivanjem usluge. Savjetuje se...

Close