========================================================================== Ubuntu Security Notice USN-4516-1 September 17, 2020 gnupg2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: GnuPG could be made to expose sensitive information. Software Description: - gnupg2: GNU privacy guard - a free PGP replacement Details: It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: gnupg 2.2.4-1ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4516-1 CVE-2019-14855 Package Information: https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.3