LinuxSecurity.com
Ubuntu: GnuPG vulnerability
Posted by Benjamin D. Thomas   
Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-393-1          December 07, 2006
gnupg vulnerability
CVE-2006-6235
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  gnupg                                    1.4.1-1ubuntu1.6

Ubuntu 6.06 LTS:
  gnupg                                    1.4.2.2-1ubuntu2.4

Ubuntu 6.10:
  gnupg                                    1.4.3-2ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that gnupg was incorrectly using the stack.  If 
a user were tricked into processing a specially crafted message, an 
attacker could execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6.diff.gz
      Size/MD5:    23701 7a9033efbfb1f0028f53cef54f1a6522
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6.dsc
      Size/MD5:      684 4740552c8acbe2143bfff11dbfaee85b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5:  4059170 1cc77c6943baaa711222e954bbd785e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_amd64.deb
      Size/MD5:  1136698 64e954a21f51c939792b140f5a0fc5df
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_amd64.udeb
      Size/MD5:   152276 c703faddbf82858fa85560912ea3f7b0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_i386.deb
      Size/MD5:  1044848 6dc25f6204f754f80b15f90bac175a25
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_i386.udeb
      Size/MD5:   130672 3a69e1804fb1234a70d9715d42b929e1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_powerpc.deb
      Size/MD5:  1120042 16103aee54c188b9e74b81d776537bc4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_powerpc.udeb
      Size/MD5:   140218 fcc41df5bf7d7336ac00ab8a1edaa665

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_sparc.deb
      Size/MD5:  1064838 8c78b6bca94a9bc62a9d7a9f5a8ae298
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_sparc.udeb
      Size/MD5:   139598 830785d65ea4bdb0d8ed8d123fcb2d6f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4.diff.gz
      Size/MD5:    22621 3e45e6fe65cd1334a12d6bfbc9d26f2b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4.dsc
      Size/MD5:      690 1ce5bd388f35b6bdd48e12719308cea5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
      Size/MD5:  4222685 50d8fd9c5715ff78b7db0e5f20d08550

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_amd64.deb
      Size/MD5:  1066564 f3c60d096d2ea85b02f8898660ab7997
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_amd64.udeb
      Size/MD5:   140308 5f18581d5ab54d33f2d69b079985c599

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_i386.deb
      Size/MD5:   981652 8497f389c4feb73d10ff8c82810b2659
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_i386.udeb
      Size/MD5:   120282 a0001759aec7eb6317d8bd0656078ff6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_powerpc.deb
      Size/MD5:  1054114 565e5af4a14baed975050837af3d600b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_powerpc.udeb
      Size/MD5:   130160 d97f253e9f24a3f831b31d1fae25a67c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_sparc.deb
      Size/MD5:   994418 15ec9d7565fd5a2ba18ca8cbd03357f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_sparc.udeb
      Size/MD5:   127412 028eaa2d4ca1c8d96eefaa663f853290

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2.diff.gz
      Size/MD5:    27943 c2dd800ba7a267e9ec69316c7d5c5326
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2.dsc
      Size/MD5:      697 c095b5eee6408adc65d88a26b124c026
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3.orig.tar.gz
      Size/MD5:  4320394 fcdf572a33dd037653707b128dd150a7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_amd64.udeb
      Size/MD5:   379922 56441176d8767b88d240284ea8c10b20
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_amd64.deb
      Size/MD5:  1112292 1ff2c321882324dc5d8b1b527a4131e2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_amd64.udeb
      Size/MD5:   142630 a0d0bbb95df1652697e8c5dfce3abd6d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_i386.udeb
      Size/MD5:   357610 2b83faf2418ae37d1f9b9d05948b98e2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_i386.deb
      Size/MD5:  1055760 8034b6cd5cd73f7de7e7325b4e7d4603
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_i386.udeb
      Size/MD5:   129146 deb3e977a44c7ec6e9ebd279285d391c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_powerpc.udeb
      Size/MD5:   372524 1385f1d9a1874d457ec7f41bb6f88028
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_powerpc.deb
      Size/MD5:  1107338 38c9a6fca86bf659781f8117ac80fa0b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_powerpc.udeb
      Size/MD5:   136288 002befb66b791fdac4889095dbc67d1b

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_sparc.udeb
      Size/MD5:   366204 f350d40bceeebaf01a0f525aa33bb9ac
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_sparc.deb
      Size/MD5:  1042454 4b2f85afdea3cce9d837982badf7eb61
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_sparc.udeb
      Size/MD5:   132764 194f8cb7439efed249d84d39e4d27abc


 