VulnerableCode Package Details - pkg:deb/ubuntu/gnupg@1.4.20-1ubuntu3.2

Search for packages

Package details: pkg:deb/ubuntu/gnupg@1.4.20-1ubuntu3.2

Essentials
History (0)

purl	pkg:deb/ubuntu/gnupg@1.4.20-1ubuntu3.2

Next non-vulnerable version	1.4.20-1ubuntu3.3
Latest non-vulnerable version	1.4.20-1ubuntu3.3
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-vavn-12uu-aaan Aliases: CVE-2017-7526	libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.	1.4.20-1ubuntu3.3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-4u1u-zxbs-aaag	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	CVE-2018-12020

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version