==========================================================================
Ubuntu Security Notice USN-1923-1
August 01, 2013

gnupg, libgcrypt11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GnuPG and Libgcrypt could be made to expose sensitive information.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- libgcrypt11: LGPL Crypto library - runtime library

Details:

Yuval Yarom and Katrina Falkner discovered a timing-based information leak,
known as Flush+Reload, that could be used to trace execution in programs.
GnuPG and Libgcrypt followed different execution paths based on key-related
data, which could be used to expose the contents of private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  gnupg                           1.4.12-7ubuntu1.1
  libgcrypt11                     1.5.0-3ubuntu2.2

Ubuntu 12.10:
  gnupg                           1.4.11-3ubuntu4.2
  libgcrypt11                     1.5.0-3ubuntu1.1

Ubuntu 12.04 LTS:
  gnupg                           1.4.11-3ubuntu2.3
  libgcrypt11                     1.5.0-3ubuntu0.2

Ubuntu 10.04 LTS:
  gnupg                           1.4.10-2ubuntu1.3
  libgcrypt11                     1.4.4-5ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1923-1
  CVE-2013-4242

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg/1.4.12-7ubuntu1.1
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu2.2
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu4.2
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.3
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.4.4-5ubuntu2.2
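
Added example, not code from GnuPG, Libgcrypt or this notice: a toy C model of the issue described under Details, where the order of routines executed depends on key bits, next to a variant that runs the same routines for every bit. The trace strings stand in for what an execution tracer observes; the function names, the trace buffer and the 32-bit operand limit are assumptions of this example.

```c
/* Added illustration with toy 64-bit arithmetic; not GnuPG/Libgcrypt source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* base and modulus must be below 2^32 so that products fit in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Key-dependent path: the multiply runs only for 1 bits, so the trace spells out exp. */
uint64_t modexp_branching(uint64_t base, uint64_t exp, uint64_t m, char *trace)
{
    uint64_t r = 1 % m;
    size_t n = 0;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);        trace[n++] = 'S';
        if ((exp >> i) & 1) {
            r = mulmod(r, base, m); trace[n++] = 'M';
        }
    }
    trace[n] = '\0';
    return r;
}

/* Uniform path: square and multiply run for every bit; a mask keeps or drops the product. */
uint64_t modexp_uniform(uint64_t base, uint64_t exp, uint64_t m, char *trace)
{
    uint64_t r = 1 % m;
    size_t n = 0;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);             trace[n++] = 'S';
        uint64_t t = mulmod(r, base, m); trace[n++] = 'M';
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1);  /* all ones when the bit is set */
        r = (t & mask) | (r & ~mask);
    }
    trace[n] = '\0';
    return r;
}

int main(void)
{
    char a[129], b[129];  /* at most 2 operations per exponent bit, plus NUL */
    modexp_branching(7, 0xB5, 1000003, a);  /* constructed sample exponents */
    modexp_branching(7, 0xD3, 1000003, b);
    printf("branching traces differ: %d\n", strcmp(a, b) != 0);
    modexp_uniform(7, 0xB5, 1000003, a);
    modexp_uniform(7, 0xD3, 1000003, b);
    printf("uniform traces differ:   %d\n", strcmp(a, b) != 0);
}
```

The uniform variant removes only the difference in which routines run; it says nothing about the timing of the arithmetic itself.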