LinuxSecurity.com
Ubuntu: GnuPG2 vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update provides the corresponding updates for gnupg2.
=========================================================== 
Ubuntu Security Notice USN-393-2          December 07, 2006
gnupg2 vulnerabilities
CVE-2006-6169, CVE-2006-6235
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  gnupg2                                   1.9.21-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg.  This update 
provides the corresponding updates for gnupg2.

Original advisory details:

  A buffer overflow was discovered in GnuPG.  By tricking a user into 
  running gpg interactively on a specially crafted message, an attacker 
  could execute arbitrary code with the user's privileges.  This 
  vulnerability is not exposed when running gpg in batch mode.  
  (CVE-2006-6169)

  Tavis Ormandy discovered that gnupg was incorrectly using the stack.  
  If a user were tricked into processing a specially crafted message, an 
  attacker could execute arbitrary code with the user's privileges.
  (CVE-2006-6235)


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.diff.gz
      Size/MD5:    39057 24885457e44f2061c1a2ef98047357d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.dsc
      Size/MD5:      839 5786619a42c6768da183ec2c39d70541
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21.orig.tar.gz
      Size/MD5:  2290952 5a609db8ecc661fb299c0dccd84ad503

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   193748 57618f27a79f42a3e9f66705ed0ab151
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   787166 9641af8af591a9d61c3d9d77144aa320
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   333002 a6d5f35e4fc7dc4c6a837862b269ddc1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   176170 3dc1e0b862fbf76905b61b20132812de
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   737818 ab6d004d7fbf1b0850e6f6f4f09771d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   304798 1d6b309f0690685ffa95d219750033dc

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   190614 16cd71ed4d92b1203806ba50e638e9e0
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   773762 56903ee4d39929254b3a4ac06a56a2c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   324332 6b9152bd5753f974161c298d6fd6f894

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   174144 2e5e21144005113345e3abeef2b50496
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   726244 5dc2d8b804a2a5276344b151a46e1346
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   297640 5c27421fb28c63abac748419a05220bb
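
Added example (not part of the Ubuntu advisory): a Python sketch that parses the URL and "Size/MD5" listing layout used above and checks a downloaded file's bytes against it. The function names, the example.invalid URL and the sample payload are constructed for illustration.

```python
import hashlib
import re

# One listing entry: a URL line followed by an indented "Size/MD5:" line,
# matching the layout of the package list in this advisory.
ENTRY_RE = re.compile(
    r"^\s*(?P<url>https?://\S+)\s*\n\s*Size/MD5:\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_listing(text):
    """Return {filename: (size, md5_hex)} from a USN-style package listing."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(m.group("size")), m.group("md5"))
    return entries

def verify(name, data, entries):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    if name not in entries:
        return "unlisted"
    size, md5 = entries[name]
    if len(data) != size:          # cheap check first; catches truncation
        return "size-mismatch"
    if hashlib.md5(data).hexdigest() != md5:
        return "md5-mismatch"
    return "ok"

# Constructed sample: a stand-in payload and a listing entry generated from it,
# so the example runs offline without downloading any package.
PAYLOAD = b"constructed stand-in for a .deb file\n"
SAMPLE_LISTING = (
    "    http://security.example.invalid/pool/example-pkg_1.0_amd64.deb\n"
    f"      Size/MD5:   {len(PAYLOAD)} {hashlib.md5(PAYLOAD).hexdigest()}\n"
)

if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    print(verify("example-pkg_1.0_amd64.deb", PAYLOAD, listing))
```

MD5 is collision-prone, so a match here guards against a corrupted or truncated download rather than a deliberately substituted file; a standard system upgrade through apt relies on the repository's signed metadata instead.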


 
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.