UbuntuUpdates.org

Package "gnupg"

Name: gnupg

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • GNU privacy guard - a free PGP replacement (cURL)

Latest version: 1.4.11-3ubuntu2.12
Release: precise (12.04)
Level: security
Repository: universe


Other versions of "gnupg" in Precise

Repository  Area      Version
base        universe  1.4.11-3ubuntu2
base        main      1.4.11-3ubuntu2
security    main      1.4.11-3ubuntu2.12
updates     main      1.4.11-3ubuntu2.12
updates     universe  1.4.11-3ubuntu2.12


Changelog

Version: 1.4.11-3ubuntu2.12 2021-05-03 14:07:24 UTC

  gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
    - debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
      cipher/rsa.c.
    - CVE-2017-7526

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 15 Aug 2018 11:30:05 -0300

CVE-2017-7526 Use of left-to-right sliding window method allows full RSA key recovery

Version: 1.4.11-3ubuntu2.10 2016-08-18 20:07:00 UTC

  gnupg (1.4.11-3ubuntu2.10) precise-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313.dpatch: improve readability by using a
      macro and hash continuous areas in the csprng pool in
      cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:37:00 -0400


Version: 1.4.11-3ubuntu2.9 2015-04-01 14:06:55 UTC

  gnupg (1.4.11-3ubuntu2.9) precise-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.dpatch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.dpatch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.dpatch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
      include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
    - CVE-2015-0837
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
      buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
      g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
      g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
      g10/trustdb.c, include/host2net.h.
    - CVE-2015-1607

 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:24:00 -0400

1371766 Latest CVE-2014-5270 patch breaks ElGamal keys of 16k
CVE-2014-5270 side-channel attack on Elgamal encryption subkeys
CVE-2014-3591 sidechannel attack on Elgamal
CVE-2015-0837 data-dependent timing variations in modular exponentiation
CVE-2015-1606 use after free resulting from failure to skip invalid packets
CVE-2015-1607 memcpy with overlapping ranges, resulting from incorrect bitwise left shifts

Version: 1.4.11-3ubuntu2.7 2014-09-03 19:06:39 UTC

  gnupg (1.4.11-3ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
    - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
      exponentiation algorithm in mpi/mpi-pow.c.
    - CVE-2014-5270

 -- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 09:41:45 -0400

CVE-2014-5270 side-channel attack on Elgamal encryption subkeys

Version: 1.4.11-3ubuntu2.6 2014-06-26 19:06:33 UTC

  gnupg (1.4.11-3ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617

 -- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 08:30:14 -0400

CVE-2014-4617 The do_uncompress function in g10/compress.c in GnuPG 1.x before ...


