Package "gpgv"

Name:	gpgv
Description:	GNU privacy guard - signature verification tool
Latest version:	1.4.20-1ubuntu3.3
Release:	xenial (16.04)
Level:	updates
Repository:	main
Head package:	gnupg
Homepage:	https://www.gnupg.org

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "gpgv"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "gpgv" in Xenial

Repository	Area	Version
base	main	1.4.20-1ubuntu3
security	main	1.4.20-1ubuntu3.3

Changelog

Version: 1.4.20-1ubuntu3.3 2018-08-07 04:08:39 UTC

gnupg (1.4.20-1ubuntu3.3) xenial-security; urgency=medium * SECURITY UPDATE: full RSA key recovery via side-channel attack - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c. - debian/patches/CVE-2017-7526-2.patch: use same computation for square and multiply in mpi/mpi-pow.c. - debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow - debian/patches/CVE-2017-7526-4.patch: add exponent blinding in cipher/rsa.c. - debian/patches/CVE-2017-7526-5.patch: allow different build directory - CVE-2017-7526 -- Alex Murray <email address hidden> Mon, 06 Aug 2018 09:59:18 +0930

Source diff to previous version

CVE-2017-7526

Use of left-to-right sliding window method allows full RSA key recovery

Version: 1.4.20-1ubuntu3.2 2018-06-11 23:06:49 UTC

gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium * SECURITY UPDATE: missing sanitization of verbose output - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with the original file name. - CVE-2018-12020 -- Steve Beattie <email address hidden> Fri, 08 Jun 2018 15:53:57 -0700

Source diff to previous version

CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof

Version: 1.4.20-1ubuntu3.1 2016-08-18 21:07:14 UTC

Version: 1.4.20-1ubuntu3.1	2016-08-18 21:07:14 UTC
`gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: random number generator prediction - debian/patches/CVE-2016-6313-1.patch: improve readability by using a macro in cipher/random.c. - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the csprng pool in cipher/random.c. - CVE-2016-6313 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:22 -0400`

gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: random number generator prediction - debian/patches/CVE-2016-6313-1.patch: improve readability by using a macro in cipher/random.c. - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the csprng pool in cipher/random.c. - CVE-2016-6313 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:22 -0400

About - Send Feedback to @ubuntu_updates

Package "gpgv"

Links

Download "gpgv"

Other versions of "gpgv" in Xenial

Changelog

Share this page

Bookmarks

Latest updates

updates

security

proposed

PPA updates