UbuntuUSN-2554-1GnuPG vulnerabilities
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.6%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- gnupg - GNU privacy guard - a free PGP replacement
- gnupg2 - GNU privacy guard - a free PGP replacement
Details
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered
that GnuPG was susceptible to an attack via physical side channels. A local
attacker could use this attack to possibly recover private keys.
(CVE-2014-3591)
Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was
susceptible to an attack via physical side channels. A local attacker could
use this attack to possibly recover private keys. (CVE-2015-0837)
Hanno BΓΆck discovered that GnuPG incorrectly handled certain malformed
keyrings. If a user or automated system were tricked into opening a
malformed keyring, a remote attacker could use this issue to cause GnuPG to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-1606, CVE-2015-1607)
In addition, this update improves GnuPG security by validating that the
keys returned by keyservers match those requested.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | gnupg | <Β 1.4.16-1.2ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gnupg-curl | <Β 1.4.16-1.2ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gnupg-udeb | <Β 1.4.16-1.2ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gpgv | <Β 1.4.16-1.2ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gpgv-udeb | <Β 1.4.16-1.2ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gnupg2 | <Β 2.0.24-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gnupg-agent | <Β 2.0.24-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gpgsm | <Β 2.0.24-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | gpgv2 | <Β 2.0.24-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | scdaemon | <Β 2.0.24-1ubuntu2.2 | UNKNOWN |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.6%