LinuxSecurity.com
Ubuntu: GnuPG vulnerability
Posted by Benjamin D. Thomas   
A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode.
=========================================================== 
Ubuntu Security Notice USN-389-1          November 29, 2006
gnupg vulnerability
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  gnupg                                    1.4.1-1ubuntu1.5

Ubuntu 6.06 LTS:
  gnupg                                    1.4.2.2-1ubuntu2.3

Ubuntu 6.10:
  gnupg                                    1.4.3-2ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in GnuPG.  By tricking a user into 
running gpg interactively on a specially crafted message, an attacker 
could execute arbitrary code with the user's privileges.  This 
vulnerability is not exposed when running gpg in batch mode.



