USN-304-1: gnupg vulnerability
Posted on: 06/26/2006 05:22 PM

A new gnupg vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-304-1 June 26, 2006
gnupg vulnerability
CVE-2006-3082
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
gnupg 1.2.5-3ubuntu5.4

Ubuntu 5.10:
gnupg 1.4.1-1ubuntu1.3

Ubuntu 6.06 LTS:
gnupg 1.4.2.2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that GnuPG did not sufficiently check overly
large user ID packets. Specially crafted user IDs caused a buffer
overflow. By tricking an user or remote automated system into
processing a malicous GnuPG message, an attacker could exploit this to
crash GnuPG or possibly even execute arbitrary code.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu=
5.4.diff.gz
Size/MD5: 66657 258c3a5166f20a0859a3137a0154e661
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu=
5.4.dsc
Size/MD5: 654 7d0e00dfc3d9c8008fa863ad082a8244
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.ta=
r.gz
Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu=
5.4_amd64.deb
Size/MD5: 805972 eb80d914280ca0d14e518c2517303fca
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ub=
untu5.4_amd64.udeb
Size/MD5: 146410 b1fe302ef21bb1b2a861dca1648671c8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu=
5.4_i386.deb
Size/MD5: 750660 f7799aacd286de91cf1590d47f092fbf
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ub=
untu5.4_i386.udeb
Size/MD5: 121398 d3908ec7b4a400c372a887ffff90cd5c

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu=
5.4_powerpc.deb
Size/MD5: 806578 76656bbbce1e59dee14a07c4d06c9169
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ub=
untu5.4_powerpc.udeb
Size/MD5: 135516 57192001042e37f1597cbe8d4cc96397

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3.diff.gz
Size/MD5: 21031 d2e00314a6319c80e40af374299b3cdb
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3.dsc
Size/MD5: 684 65b8ffc1c7f51d2920496eddadfb1236
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.ta=
r.gz
Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3_amd64.deb
Size/MD5: 1136302 5b871cea504e1b520ac61ee0ace19452
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ub=
untu1.3_amd64.udeb
Size/MD5: 152178 97622cf5abc3f4923281d08536f816c0

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3_i386.deb
Size/MD5: 1044392 30c94fae4dbc994eed85d226b226a938
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ub=
untu1.3_i386.udeb
Size/MD5: 130644 216ff1f2393a2dd5bf5c814a5f33ae9f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3_powerpc.deb
Size/MD5: 1119498 67ad3b4a3254334e85bd659e24a65bea
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ub=
untu1.3_powerpc.udeb
Size/MD5: 140162 38a01b4e3f447f6cd340d6d17b714180

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu=
1.3_sparc.deb
Size/MD5: 1064176 4e4e2671d46f266792d6693208bd5b34
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ub=
untu1.3_sparc.udeb
Size/MD5: 139584 9d840a2108b3d999e8b0ad620a262f69

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1.diff.gz
Size/MD5: 19943 a04a4bdf67d9e86d15c8b89312b455e5
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1.dsc
Size/MD5: 692 90847403acb4d359f8b75ad345985b9d
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.=
tar.gz
Size/MD5: 4222685 50d8fd9c5715ff78b7db0e5f20d08550

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1_amd64.deb
Size/MD5: 1066042 bb06afba5075ee71763b6391959cd074
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1=
ubuntu2.1_amd64.udeb
Size/MD5: 140274 3bfce59e90c5d356c743e0f7612ad2a6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1_i386.deb
Size/MD5: 980840 4c677c20e0684b1271cc6606ab17a923
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1=
ubuntu2.1_i386.udeb
Size/MD5: 120298 cb027ca2dac06902a764a40ca2f02fe4

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1_powerpc.deb
Size/MD5: 1053332 20b7f093e43c9b8ea71c4860d4d312ae
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1=
ubuntu2.1_powerpc.udeb
Size/MD5: 130084 5035c386a599e112167cefd04964c911

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubun=
tu2.1_sparc.deb
Size/MD5: 993688 3aaaa181b7a003539bda014a71296b72
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1=
ubuntu2.1_sparc.udeb
Size/MD5: 127372 0f86bc1b29af92d85382e4d7bee4129d


--7pXD3OQNRL3RjWCz
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEoAQBDecnbV4Fd/IRApN9AJ9HTCppKYMBfNykmjBEXEuhLEqKWQCg7u3f
CCn2GtVGrA2MJjFoXme88XE=
=bX+6
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_304_1_gnupg_vulnerability.html)