Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3024-1] gnupg security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3024-1] gnupg security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Thijs Kinkhorst <thijs AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3024-1] gnupg security update
  • Date: Thu, 11 Sep 2014 22:35:10 +0200 (CEST)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <thijs AT kinkhorst.com>
  • Priority: urgent
  • Resent-date: Thu, 11 Sep 2014 20:42:53 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <YwbTzq-EusL.A.Nw.NlgEUB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3024-1 security AT debian.org
http://www.debian.org/security/ Thijs Kinkhorst

September 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2014-5270
Debian Bug : 725411

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys (CVE-2014-5270).

In addition, this update hardens GnuPG's behaviour when treating
keyserver responses; GnuPG now filters keyserver responses to only
accepts those keyid's actually requested by the user.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u6.

For the testing (jessie) and unstable distribution (sid), this
problem has been fixed in version 1.4.18-4.

We recommend that you upgrade your gnupg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUEgcFAAoJEFb2GnlAHawEK40H/i9VVDxZhEXnPZakg6677rd5
MfVHXpq0cYHV3qu4ll8z4i5ZYghKoWD4nCF9A6U4K7rxIK+k4jXmCMWcC6fAnSaJ
Kqc0PIOyIrN/Yz4je904COkIvAYMWJKj9TaqAAxVSzQGGRiCFFzw0IMZp8Qj/sy1
1oI+x+sJKFsmTF1mhOAhBM6Bdo/k3HMhMQ92Eoxd4/cW1p3XoQXgc+qU3y4Uvxz9
YUB7WyXyWZDwMjiFOBavE9Yk/cYXNrpPC/6eUCnwzTgi7MZhN5AqSP9IowY95gAH
Foa6vfXeSD3e2jydIJD6m6LNiIPXf+IC8q+x3BAEoeyt3Afp+lfBIDecKUVtOPo=
=5tow
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20140911203510.D0C9C5A990 AT kinkhorst.com">https://lists.debian.org/20140911203510.D0C9C5A990 AT kinkhorst.com



  • [IT-SecNots] [SECURITY] [DSA 3024-1] gnupg security update, Thijs Kinkhorst, 11.09.2014

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang