You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gnupg

Sigurnosni nedostatak programskog paketa gnupg

==========================================================================
Ubuntu Security Notice USN-3064-1
August 18, 2016

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

GnuPG incorrectly generated random numbers.

Software Description:
– gnupg: GNU privacy guard – a free PGP replacement

Details:

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled
mixing functions in the random number generator. An attacker able to obtain
4640 bits from the RNG can trivially predict the next 160 bits of output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
gnupg 1.4.20-1ubuntu3.1

Ubuntu 14.04 LTS:
gnupg 1.4.16-1ubuntu2.4

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3064-1
CVE-2016-6313

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.4
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJXtgnbAAoJEGVp2FWnRL6ThxoQAKUEnJ64Mktr7L+Nxp7UzxWz
xiaPUQv0ZsWgHpl9CtfE7tZMSr4SK8VMyLX2qY0hlx0O9osIMrXWHVOXrnOCAheX
3+7KvgT260RXril8iU+e4ZbJPuMEX7S+AU8acmXWqi0P1mBY+wAFwmIibrL8aK0R
4fnNFO95zD6ZrXyi6RAdbzFRrcCM7+nc4FlWVYJ1Wj2gujU71YMM6R2rEiFb+dPV
PpvCP3DajsiB9mzSP6g1mTf1Xkn1tukm9ETXmarFNajyeHOp4bNih5htL5vGW69U
50Ckfl3FC3KtIkyunQ0GVcXI8p0wSFs359c91RCQ/t/wjRG9meiIpq8pUtuBXGO6
1xdax2+ayazTbhyIB/n1dEgi0ORhlR1VDg1olJCXKc8qqkmiU9XdJrK5qtm0Tomj
UrMV9wL8Wy+gbNaSLWpYop/qX5nBg1W31yWvIA0k+PwmUMfY64XVNbRL9WfFq8X8
Vviwbh5MYZ/8B9C2AUKTveUO8S9QeYeRz1Z8gj+zVuHcaVKHQJIYA7KkXV+NC1L8
XBdffFgtuXyDLftng8HSecgVfL+5swuh4tOnHAZ44/MtcXSPUsfXLhvz38vFJ73b
BG2yWlkPq6ONEcCQt6k3RZh0rwGxjJBBlyoM8xnhrD9+CD8cX3OImlYYP0w6iQX1
Cjn2u+H797n8AadQEJDr
=qgg/
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskih biblioteka libgcrypt11 i libgcrypt20

Otkriven je sigurnosni nedostatak u programskim bibliotekama libgcrypt11 i libgcrypt20 za Ubuntu 12.04 LTS, 14.04 LTS i 16.04 LTS. Otkriveni...

Close