DebianDEBIAN:DLA-175-1:C3EFD[SECURITY] [DLA 175-1] gnupg security update
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.1%
Package : gnupg
Version : 1.4.10-4+squeeze7
CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606
Debian Bug : 778652
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:
CVE-2014-3591
The Elgamal decryption routine was susceptible to a side-channel
attack discovered by researchers of Tel Aviv University. Ciphertext
blinding was enabled to counteract it. Note that this may have a quite
noticeable impact on Elgamal decryption performance.
CVE-2015-0837
The modular exponentiation routine mpi_powm() was susceptible to a
side-channel attack caused by data-dependent timing variations when
accessing its internal pre-computed table.
CVE-2015-1606
The keyring parsing code did not properly reject certain packet types
not belonging in a keyring, which caused an access to memory already
freed. This could allow remote attackers to cause a denial of service
(crash) via crafted keyring files.
For the oldstable distribution (squeeze), those problems have been fixed in
version 1.4.10-4+squeeze7.
For the stable distribution (wheezy), these problems have been fixed in
version 1.4.12-7+deb7u7.
We recommend that you upgrade your gnupg packages.
β
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | powerpc | gpgv-udeb | <Β 1.4.12-7+deb7u7 | gpgv-udeb_1.4.12-7+deb7u7_powerpc.deb |
| Debian | 7 | powerpc | gnupg-curl | <Β 1.4.12-7+deb7u7 | gnupg-curl_1.4.12-7+deb7u7_powerpc.deb |
| Debian | 7 | s390 | gpgv-udeb | <Β 1.4.12-7+deb7u7 | gpgv-udeb_1.4.12-7+deb7u7_s390.deb |
| Debian | 7 | kfreebsd-i386 | gpgv-udeb | <Β 1.4.12-7+deb7u7 | gpgv-udeb_1.4.12-7+deb7u7_kfreebsd-i386.deb |
| Debian | 7 | armel | gpgv | <Β 1.4.12-7+deb7u7 | gpgv_1.4.12-7+deb7u7_armel.deb |
| Debian | 7 | ia64 | gnupg-udeb | <Β 1.4.12-7+deb7u7 | gnupg-udeb_1.4.12-7+deb7u7_ia64.deb |
| Debian | 7 | i386 | gnupg-udeb | <Β 1.4.12-7+deb7u7 | gnupg-udeb_1.4.12-7+deb7u7_i386.deb |
| Debian | 7 | kfreebsd-i386 | gnupg-udeb | <Β 1.4.12-7+deb7u7 | gnupg-udeb_1.4.12-7+deb7u7_kfreebsd-i386.deb |
| Debian | 7 | kfreebsd-i386 | gnupg | <Β 1.4.12-7+deb7u7 | gnupg_1.4.12-7+deb7u7_kfreebsd-i386.deb |
| Debian | 7 | mips | gnupg | <Β 1.4.12-7+deb7u7 | gnupg_1.4.12-7+deb7u7_mips.deb |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.1%