UbuntuUpdates.org

Package "gnupg"

Name: gnupg

Description:

GNU privacy guard - a free PGP replacement

Latest version: 1.4.20-1ubuntu3.3
Release: xenial (16.04)
Level: security
Repository: main
Homepage: https://www.gnupg.org

Other versions of "gnupg" in Xenial

Repository  Area      Version
base        main      1.4.20-1ubuntu3
base        universe  1.4.20-1ubuntu3
security    universe  1.4.20-1ubuntu3.3
updates     universe  1.4.20-1ubuntu3.3
updates     main      1.4.20-1ubuntu3.3

Changelog

Version: 1.4.20-1ubuntu3.3 2018-08-07 03:06:16 UTC

  gnupg (1.4.20-1ubuntu3.3) xenial-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-4.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: allow different build directory
    - CVE-2017-7526

 -- Alex Murray <email address hidden> Mon, 06 Aug 2018 09:59:18 +0930

CVE-2017-7526 Use of left-to-right sliding window method allows full RSA key recovery

Version: 1.4.20-1ubuntu3.2 2018-06-11 22:06:46 UTC

  gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden> Fri, 08 Jun 2018 15:53:57 -0700

CVE-2018-12020 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof

Version: 1.4.20-1ubuntu3.1 2016-08-18 20:07:03 UTC

  gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve readability by using a
      macro in cipher/random.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:22 -0400



