==========================================================================
Ubuntu Security Notice USN-3689-1
June 19, 2018
libgcrypt11, libgcrypt20 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Libgcrypt could be made to expose sensitive information.
Software Description:
– libgcrypt20: LGPL Crypto library
– libgcrypt11: LGPL Crypto library
Details:
Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel
attack. A local attacker could possibly use this attack to recover ECDSA
private keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libgcrypt20 1.8.1-4ubuntu1.1
Ubuntu 17.10:
libgcrypt20 1.7.8-2ubuntu1.1
Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.5
Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3689-1
CVE-2018-0495
Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.8.1-4ubuntu1.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.7.8-2ubuntu1.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.5
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.6
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlspLhMACgkQZWnYVadE
vpOyTg//ZIK2wQP2V59U4secHPznoTGGSBsDpX3Mln11ELKzij97e3YYEXiHLVuV
QLZIhjilBWpLHEhHqGoJkdo8wXSD8r4ZuiIZjsreRQHYvYGo6Hm6L95KKeteB41Y
HCm8KtGCsmQ6yJ7pG2xHA4crNQvi0Jxm4s5rV7vRsjwm8ndgxDXf+dvkj3/znpRL
MPNORpvC9rhot2ziUIjgqAP2unP/Oe9Lkz/c4IIy+hIKubvidSbN0iuLIm0zLyVu
rPM9UvL2Id/UPnpJ9NZr5U/940qukHgeRJ9bHLgeQetD+CflUuwW7NaH4TkTdZbd
kUOc9gMqZeS6jYEsjOdpbOeEtxBEn9j0N2IwMQ1Mc9viXDB0noghITj6V7ysia5i
VmePLZbQuFJoPZv3xZf3VRaYDBQPErQ4NXJ0N40eZKUkn5yG/qsu+Gvdjt13D+pZ
F2S7QqaQUV8Sr5H652cJ6ft7qTkujonjP+jjOfM3/0zDKrJs/0NxLBSrXdigT05g
Tlu60rP7twWwxQ6S9b1DgWMpTnOHhekYqfEAmu4u3S3VTivXOwULA0ok713pgzOa
uTDBSAlaeo4mleKZxFeFFu+hX4V/EQbcz2s4T/gVgGTEus9o1+zJINX9iTNbtpBA
rYn1kurxC4TvK0kDdjYHFhdks7EkXZGdgyKmJGTK3qeG63/X9q4=
=AVbY
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3689-2
June 19, 2018
libgcrypt11 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Libgcrypt could be made to expose sensitive information.
Software Description:
– libgcrypt11: LGPL Crypto library
Details:
USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Keegan Ryan discovered that Libgcrypt was susceptible to a side-
channel attack. A local attacker could possibly use this attack to
recover ECDSA private keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libgcrypt11 1.5.0-3ubuntu0.8
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3689-2
https://usn.ubuntu.com/usn/usn-3689-1
CVE-2018-0495—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbKUIPAAoJEEW851uECx9pxAIQAK0OyRRmLMyPGbC31IafNTOw
qOyjs+AlINckWBq8wMGCuqEy0oBUSwe8drd/k7s6BfTQ7ajTUhcecbWo4nAq5zxj
XvPvJVRQ2FRmEKJqkwYJyNoLs4MDzBurY7DaSTkWXw2okMi5Yn1H4XjK6d/Coeyq
/jNYndGh6rxZL2AbQM7YYveKv3Naa9+VIuNZMYIeRU2UtfwAQcWld9bqaFk1BJqG
Ok2PtnWdvDm43caFIQ56YFIQ9U6XT89l16tEOurhVuXIVlfv78wZU5Sbc32a1ANH
nWtRx1gwCtOKPbOCQSj5I7ktdIMUhQUppwPVptvxdVAkJSupwdBmZa64LZKDmGCd
lANrHWdSHjT4IqEDHX6z4adAelZHoQAAaktmOfsUefK9UfkvwSvFwFhyAnV6NoEw
uWUH5kNrxFmeHgpDKfy0a0U/U67408/jsCUbkc/O/TxcQ72YwZEwXI+YPgya07Dd
U/V1YOYPk7F2iekkPDnI66Omq1gLUzFaAl0nHbxKGhpoqZhUMS4X2QhKKMshNy1U
HlsmsXMjK/8A/LrOai6/2zuPJ3Rd9rV0Ihpg1++Cmo68fuB+yenQbTcLwayZcAQT
UFlr6BPqY6azNR8zao+uk1Bu4XS4djSD/TbjYedr0RXlzD/y5BXH8iPiaNa5ueSx
eiY/UtmDjanbxnDVe053
=8TOJ
—–END PGP SIGNATURE—–
—