

[USN-393-2] GnuPG2 vulnerabilities


Date: Thu, 7 Dec 2006 12:31:39 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-393-2] GnuPG2 vulnerabilities

===========================================================
Ubuntu Security Notice USN-393-2          December 07, 2006
gnupg2 vulnerabilities
CVE-2006-6169, CVE-2006-6235
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  gnupg2                                   1.9.21-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg.  This update
provides the corresponding updates for gnupg2.

Original advisory details:

  A buffer overflow was discovered in GnuPG.  By tricking a user into
  running gpg interactively on a specially crafted message, an attacker
  could execute arbitrary code with the user's privileges.  This
  vulnerability is not exposed when running gpg in batch mode.
  (CVE-2006-6169)

  Tavis Ormandy discovered that gnupg was incorrectly using the stack.
  If a user were tricked into processing a specially crafted message, an
  attacker could execute arbitrary code with the user's privileges.
  (CVE-2006-6235)


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.diff.gz
      Size/MD5:    39057 24885457e44f2061c1a2ef98047357d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.dsc
      Size/MD5:      839 5786619a42c6768da183ec2c39d70541
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21.orig.tar.gz
      Size/MD5:  2290952 5a609db8ecc661fb299c0dccd84ad503

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   193748 57618f27a79f42a3e9f66705ed0ab151
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   787166 9641af8af591a9d61c3d9d77144aa320
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_amd64.deb
      Size/MD5:   333002 a6d5f35e4fc7dc4c6a837862b269ddc1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   176170 3dc1e0b862fbf76905b61b20132812de
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   737818 ab6d004d7fbf1b0850e6f6f4f09771d4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_i386.deb
      Size/MD5:   304798 1d6b309f0690685ffa95d219750033dc

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   190614 16cd71ed4d92b1203806ba50e638e9e0
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   773762 56903ee4d39929254b3a4ac06a56a2c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_powerpc.deb
      Size/MD5:   324332 6b9152bd5753f974161c298d6fd6f894

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   174144 2e5e21144005113345e3abeef2b50496
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   726244 5dc2d8b804a2a5276344b151a46e1346
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_sparc.deb
      Size/MD5:   297640 5c27421fb28c63abac748419a05220bb
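
The URL and Size/MD5 pairs listed above can be checked mechanically against downloaded files. The following is an added example, not part of the original advisory or of any Ubuntu tooling; the function names are hypothetical and the sample manifest entry is constructed. MD5 is not collision-resistant, so a match here confirms transfer integrity only.

```python
import hashlib
import os
import re
import tempfile

# One entry in the advisory's layout: a URL line, then "Size/MD5: <bytes> <hex>".
ENTRY = re.compile(
    r"(?P<url>https?://\S+)\s+Size/MD5:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})")

def parse_manifest(text):
    """Return {filename: (size, md5)} for every URL + Size/MD5 pair in text."""
    # Archived mail often keeps quoted-printable encoding: drop soft line
    # breaks ("=" at end of line), then decode "=XX" escapes such as "=2E".
    text = re.sub(r"=\r?\n", "", text)
    text = re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
    return {m["url"].rsplit("/", 1)[1]: (int(m["size"]), m["md5"])
            for m in ENTRY.finditer(text)}

def verify(path, size, md5):
    """Return 'ok', 'missing', 'size-mismatch' or 'md5-mismatch' for one file."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:   # cheap check before hashing
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def check_directory(manifest_text, directory):
    """Check every file named in the manifest against its copy in directory."""
    return {name: verify(os.path.join(directory, name), size, md5)
            for name, (size, md5) in parse_manifest(manifest_text).items()}

if __name__ == "__main__":
    # Constructed sample: a made-up file and a manifest entry in the advisory's
    # layout, including a quoted-printable soft break inside the URL.
    payload = b"constructed package bytes\n"
    sample = ("    http://example.invalid/pool/main/d/demo/demo_1.0.orig=\n"
              "=2Etar.gz\n      Size/MD5:  %d %s\n"
              % (len(payload), hashlib.md5(payload).hexdigest()))
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "demo_1.0.orig.tar.gz"), "wb") as fh:
            fh.write(payload)
        print(check_directory(sample, tmp))
```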

