DebianDEBIAN:DSA-3024-1:CD946[SECURITY] [DSA 3024-1] gnupg security update
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
40.3%
Debian Security Advisory DSA-3024-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
September 11, 2014 http://www.debian.org/security/faq
Package : gnupg
CVE ID : CVE-2014-5270
Debian Bug : 725411
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys (CVE-2014-5270).
In addition, this update hardens GnuPG's behaviour when treating
keyserver responses; GnuPG now filters keyserver responses to only
accepts those keyid's actually requested by the user.
For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u6.
For the testing (jessie) and unstable distribution (sid), this
problem has been fixed in version 1.4.18-4.
We recommend that you upgrade your gnupg packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | kfreebsd-i386 | libgcrypt11 | < 1.5.0-5+deb7u2 | libgcrypt11_1.5.0-5+deb7u2_kfreebsd-i386.deb |
| Debian | 6 | amd64 | libgcrypt11 | < 1.4.5-2+squeeze2 | libgcrypt11_1.4.5-2+squeeze2_amd64.deb |
| Debian | 7 | powerpc | gnupg | < 1.4.12-7+deb7u6 | gnupg_1.4.12-7+deb7u6_powerpc.deb |
| Debian | 7 | kfreebsd-amd64 | libgcrypt11-dev | < 1.5.0-5+deb7u2 | libgcrypt11-dev_1.5.0-5+deb7u2_kfreebsd-amd64.deb |
| Debian | 7 | amd64 | libgcrypt11-udeb | < 1.5.0-5+deb7u2 | libgcrypt11-udeb_1.5.0-5+deb7u2_amd64.deb |
| Debian | 7 | s390 | gnupg-curl | < 1.4.12-7+deb7u6 | gnupg-curl_1.4.12-7+deb7u6_s390.deb |
| Debian | 7 | powerpc | libgcrypt11-dev | < 1.5.0-5+deb7u2 | libgcrypt11-dev_1.5.0-5+deb7u2_powerpc.deb |
| Debian | 7 | s390x | libgcrypt11 | < 1.5.0-5+deb7u2 | libgcrypt11_1.5.0-5+deb7u2_s390x.deb |
| Debian | 7 | amd64 | gpgv-udeb | < 1.4.12-7+deb7u6 | gpgv-udeb_1.4.12-7+deb7u6_amd64.deb |
| Debian | 7 | armhf | gnupg | < 1.4.12-7+deb7u6 | gnupg_1.4.12-7+deb7u6_armhf.deb |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
40.3%