UbuntuUpdates.org

Package "gpgv"

Name: gpgv

Description:

GNU privacy guard - signature verification tool

Latest version: 1.4.11-3ubuntu2.12
Release: precise (12.04)
Level: security
Repository: main
Head package: gnupg
Homepage: http://www.gnupg.org


Other versions of "gpgv" in Precise

Repository  Area  Version
base        main  1.4.11-3ubuntu2
updates     main  1.4.11-3ubuntu2.12

Changelog

Version: 1.4.11-3ubuntu2.5 2013-12-18 20:06:52 UTC

  gnupg (1.4.11-3ubuntu2.5) precise-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:17:02 -0500

CVE-2013-4576 RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Version: 1.4.11-3ubuntu2.4 2013-10-09 17:07:05 UTC

  gnupg (1.4.11-3ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:49:58 -0400

CVE-2013-4351 GnuPG treats no-usage-permitted keys as all-usages-permitted
CVE-2013-4402 infinite recursion in the compressed packet parser

Version: 1.4.11-3ubuntu2.3 2013-08-01 02:07:17 UTC

  gnupg (1.4.11-3ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden> Tue, 30 Jul 2013 15:51:17 -0700

CVE-2013-4242 the Yarom/Falkner flush+reload side-channel attack on RSA secret keys

Version: 1.4.11-3ubuntu2.2 2013-01-09 21:07:04 UTC

  gnupg (1.4.11-3ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:52:55 -0500

CVE-2012-6085 gnupg key import memory corruption

Version: 1.4.11-3ubuntu2.1 2012-09-17 15:07:19 UTC

  gnupg (1.4.11-3ubuntu2.1) precise-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:34:24 -0400



