Package "scdaemon"

Name: scdaemon


GNU privacy guard - smart card support

Latest version: 2.0.22-3ubuntu1.4
Release: trusty (14.04)
Level: security
Repository: main
Head package: gnupg2
Homepage: http://www.gnupg.org/



Other versions of "scdaemon" in Trusty

Repository  Area  Version
base        main  2.0.22-3ubuntu1
updates     main  2.0.22-3ubuntu1.4


Version: 2.0.22-3ubuntu1.4 2018-06-14 23:06:48 UTC

  gnupg2 (2.0.22-3ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden> Thu, 14 Jun 2018 11:05:25 -0700

CVE-2018-12020 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof

Version: 2.0.22-3ubuntu1.3 2015-04-01 14:06:57 UTC

  gnupg2 (2.0.22-3ubuntu1.3) trusty-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607

 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:18:55 -0400

1371766 Latest CVE-2014-5270 patch breaks ElGamal keys of 16k
CVE-2014-5270 side-channel attack on Elgamal encryption subkeys
CVE-2015-1606 use after free resulting from failure to skip invalid packets
CVE-2015-1607 memcpy with overlapping ranges, resulting from incorrect bitwise left shifts

Version: 2.0.22-3ubuntu1.1 2014-06-26 19:06:35 UTC

  gnupg2 (2.0.22-3ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    - CVE-2014-4617

 -- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 09:18:35 -0400

CVE-2014-4617 The do_uncompress function in g10/compress.c in GnuPG 1.x before ...
