GnuPG and Libgcrypt Vulnerability Closed in All Supported Ubuntu OSes

Users are advised to update their system as soon as possible

August 2nd, 2013 19:01 GMT

In a security notice dated July 31, Canonical published details about a GnuPG and Libgcrypt vulnerability in its Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

According to Canonical, GnuPG and Libgcrypt could have been made to expose sensitive information.

A timing-based information leak known as Flush+Reload, which can be used to trace execution in programs, has been discovered. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could have been used to expose the contents of private keys.
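The key-dependent execution path described above, as an added illustration in C (not code from GnuPG, Libgcrypt or Canonical's notice): a toy square-and-multiply exponentiation whose multiply step runs only for 1 bits of the exponent, beside a variant that performs the same operations for every bit. The function names, the `op_trace` counter and the 32-bit toy sizes are assumptions made for the example.

```c
#include <stdint.h>

/* Counts operations so the difference in execution pattern is visible. */
typedef struct { unsigned squares, multiplies; } op_trace;

/* Toy modular multiply: correct only for m < 2^32 (no bignum arithmetic). */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Key-dependent path: the multiply runs only when the exponent bit is 1,
 * so the sequence of operations mirrors the bits of the secret exponent. */
uint64_t modexp_branchy(uint64_t base, uint32_t exp, uint64_t m, op_trace *t)
{
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        t->squares++;
        if ((exp >> i) & 1) {
            r = mulmod(r, base, m);
            t->multiplies++;
        }
    }
    return r;
}

/* Uniform path: square and multiply for every bit, then keep or discard the
 * product with a mask instead of a branch. Compilers can turn a select back
 * into a branch, so constant-time code is normally verified on the compiled
 * output as well. */
uint64_t modexp_always(uint64_t base, uint32_t exp, uint64_t m, op_trace *t)
{
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        t->squares++;
        uint64_t prod = mulmod(r, base, m);
        t->multiplies++;
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1u); /* all ones if bit set */
        r = (prod & mask) | (r & ~mask);
    }
    return r;
}
```

With exponents 13 and 8 the first function performs 3 and 1 multiplies respectively, while the second performs 32 in both cases and returns the same results.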

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest libgcrypt11 and gnupg packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary.
