
[USN-332-1] gnupg vulnerability



=========================================================== 
Ubuntu Security Notice USN-332-1            August 03, 2006
gnupg vulnerability
CVE-2006-3746
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gnupg                                    1.2.5-3ubuntu5.5

Ubuntu 5.10:
  gnupg                                    1.4.1-1ubuntu1.4

Ubuntu 6.06 LTS:
  gnupg                                    1.4.2.2-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that gnupg did not sufficiently check the
validity of the comment and a control field. Specially crafted GPG
data could cause a buffer overflow. This could be exploited to execute
arbitrary code with the user's privileges if an attacker can trick a
user into processing a malicious encrypted/signed document with gnupg.

