You are here
Home > Preporuke > Sigurnosni nedostatak programskih biblioteka libgcrypt11 i libgcrypt20

Sigurnosni nedostatak programskih biblioteka libgcrypt11 i libgcrypt20

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3689-1
June 19, 2018

libgcrypt11, libgcrypt20 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Libgcrypt could be made to expose sensitive information.

Software Description:
– libgcrypt20: LGPL Crypto library
– libgcrypt11: LGPL Crypto library

Details:

Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel
attack. A local attacker could possibly use this attack to recover ECDSA
private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libgcrypt20 1.8.1-4ubuntu1.1

Ubuntu 17.10:
libgcrypt20 1.7.8-2ubuntu1.1

Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.5

Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3689-1
CVE-2018-0495

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.8.1-4ubuntu1.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.8-2ubuntu1.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.5
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.6

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlspLhMACgkQZWnYVadE
vpOyTg//ZIK2wQP2V59U4secHPznoTGGSBsDpX3Mln11ELKzij97e3YYEXiHLVuV
QLZIhjilBWpLHEhHqGoJkdo8wXSD8r4ZuiIZjsreRQHYvYGo6Hm6L95KKeteB41Y
HCm8KtGCsmQ6yJ7pG2xHA4crNQvi0Jxm4s5rV7vRsjwm8ndgxDXf+dvkj3/znpRL
MPNORpvC9rhot2ziUIjgqAP2unP/Oe9Lkz/c4IIy+hIKubvidSbN0iuLIm0zLyVu
rPM9UvL2Id/UPnpJ9NZr5U/940qukHgeRJ9bHLgeQetD+CflUuwW7NaH4TkTdZbd
kUOc9gMqZeS6jYEsjOdpbOeEtxBEn9j0N2IwMQ1Mc9viXDB0noghITj6V7ysia5i
VmePLZbQuFJoPZv3xZf3VRaYDBQPErQ4NXJ0N40eZKUkn5yG/qsu+Gvdjt13D+pZ
F2S7QqaQUV8Sr5H652cJ6ft7qTkujonjP+jjOfM3/0zDKrJs/0NxLBSrXdigT05g
Tlu60rP7twWwxQ6S9b1DgWMpTnOHhekYqfEAmu4u3S3VTivXOwULA0ok713pgzOa
uTDBSAlaeo4mleKZxFeFFu+hX4V/EQbcz2s4T/gVgGTEus9o1+zJINX9iTNbtpBA
rYn1kurxC4TvK0kDdjYHFhdks7EkXZGdgyKmJGTK3qeG63/X9q4=
=AVbY
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3689-2
June 19, 2018

libgcrypt11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Libgcrypt could be made to expose sensitive information.

Software Description:
– libgcrypt11: LGPL Crypto library

Details:

USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Keegan Ryan discovered that Libgcrypt was susceptible to a side-
channel attack. A local attacker could possibly use this attack to
recover ECDSA private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
libgcrypt11                     1.5.0-3ubuntu0.8

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3689-2
https://usn.ubuntu.com/usn/usn-3689-1
CVE-2018-0495—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbKUIPAAoJEEW851uECx9pxAIQAK0OyRRmLMyPGbC31IafNTOw
qOyjs+AlINckWBq8wMGCuqEy0oBUSwe8drd/k7s6BfTQ7ajTUhcecbWo4nAq5zxj
XvPvJVRQ2FRmEKJqkwYJyNoLs4MDzBurY7DaSTkWXw2okMi5Yn1H4XjK6d/Coeyq
/jNYndGh6rxZL2AbQM7YYveKv3Naa9+VIuNZMYIeRU2UtfwAQcWld9bqaFk1BJqG
Ok2PtnWdvDm43caFIQ56YFIQ9U6XT89l16tEOurhVuXIVlfv78wZU5Sbc32a1ANH
nWtRx1gwCtOKPbOCQSj5I7ktdIMUhQUppwPVptvxdVAkJSupwdBmZa64LZKDmGCd
lANrHWdSHjT4IqEDHX6z4adAelZHoQAAaktmOfsUefK9UfkvwSvFwFhyAnV6NoEw
uWUH5kNrxFmeHgpDKfy0a0U/U67408/jsCUbkc/O/TxcQ72YwZEwXI+YPgya07Dd
U/V1YOYPk7F2iekkPDnI66Omq1gLUzFaAl0nHbxKGhpoqZhUMS4X2QhKKMshNy1U
HlsmsXMjK/8A/LrOai6/2zuPJ3Rd9rV0Ihpg1++Cmo68fuB+yenQbTcLwayZcAQT
UFlr6BPqY6azNR8zao+uk1Bu4XS4djSD/TbjYedr0RXlzD/y5BXH8iPiaNa5ueSx
eiY/UtmDjanbxnDVe053
=8TOJ
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa aubio

Otkriven je sigurnosni nedostatak u programskom paketu aubio za operacijski sustav openSUSE. Otkriveni nedostatak posljedica je dereferenciranja NULL pokazivača te...

Close