RHSA-2006:0571-01 Moderate: gnupg security update

Posted by Bob on: 07/18/2006 11:42 AM [ Print | 0 comment(s) ]

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: gnupg security update
Advisory ID: RHSA-2006:0571-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0571.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3082
- ---------------------------------------------------------------------

1. Summary:

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

195945 - CVE-2006-3082 gnupg integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm

ia64:
c1b68462b1b4d696fa9e90e38f6f54d7 gnupg-1.0.7-17.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm

ia64:
c1b68462b1b4d696fa9e90e38f6f54d7 gnupg-1.0.7-17.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm

ppc:
950443789619df4f52cdf43ab0fec80c gnupg-1.2.1-16.ppc.rpm
90dbe63929e7992bf0c24b43a925b777 gnupg-debuginfo-1.2.1-16.ppc.rpm

s390:
7e791472c18454f8f9a0e5efbee1ef87 gnupg-1.2.1-16.s390.rpm
c17c578799ba3d2996a883f3be7fa76e gnupg-debuginfo-1.2.1-16.s390.rpm

s390x:
14b9d593377b1e01a1dae543cc1716ad gnupg-1.2.1-16.s390x.rpm
31b331a50108e47b15208326609f7670 gnupg-debuginfo-1.2.1-16.s390x.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm

ppc:
b5441d9d4ade66a04f4cdea1ddbdd307 gnupg-1.2.6-5.ppc.rpm
ea1d914777b585a1e41aea1939cefabb gnupg-debuginfo-1.2.6-5.ppc.rpm

s390:
d7b5cfdd8c6f094a296c158922fe9b2e gnupg-1.2.6-5.s390.rpm
3540be56fb0b644f0fefa4d38805109c gnupg-debuginfo-1.2.6-5.s390.rpm

s390x:
5d50e214254980abd03cd087eacf35bd gnupg-1.2.6-5.s390x.rpm
b653dc31175df5d2e2144cbb9a0a7399 gnupg-debuginfo-1.2.6-5.s390x.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEvLqFXlSAg2UNWIIRAs0GAKDC2yFB6ZYCJxKRVHkr2d+l7gQ5ywCdFzVw
a8vCYa9aPS+QiUSH2gr85Ck=
=gL1L
-----END PGP SIGNATURE-----