Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-170-1: gnupg vulnerability
Posted by Philipp Esselbach on: 08/20/2005 06:27 AM [ Print | 0 comment(s) ]
A gnupg security update has been released for Ubuntu Linux 4.10 and 5.04
==========================================================
Ubuntu Security Notice USN-170-1 August 19, 2005
gnupg vulnerability
CAN-2005-0366
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gnupg
The problem can be corrected by upgrading the affected package to version 1.2.4-4ubuntu2.1 (for Ubuntu 4.10), or 1.2.5-3ubuntu5.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-170-1 August 19, 2005
gnupg vulnerability
CAN-2005-0366
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gnupg
The problem can be corrected by upgrading the affected package to version 1.2.4-4ubuntu2.1 (for Ubuntu 4.10), or 1.2.5-3ubuntu5.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called "quick scan"; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.
A failure of the quick scan will be determined much faster than a successful one. Mister/Zuccherato demonstrated that this timing difference can be exploited to an attack which allows an attacker to decrypt parts of an encrypted message if an "oracle" is available, i. e. an automatic system that receives random encrypted messages from the attacker and answers whether it passes the quick scan check.
However, since the attack requires a huge amount of oracle answers (about 32.000 for every 16 bytes of ciphertext), this attack is mostly theoretical. It does not have any impact on human operation of gnupg and is not believed to be exploitable in practice.
The updated packages disable the quick check, which renders this timing attack impossible.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.diff.gz
Size/MD5: 56779 535ca76d0ef8e62ca39885695a09b55e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.dsc
Size/MD5: 619 8fb0039e446c6c43670d1d46dbdcec4f
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4.orig.tar.gz
Size/MD5: 3451202 adfab529010ba55533c8e538c0b042a2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_amd64.deb
Size/MD5: 1721956 c5ad08ee5c515a4704d90995cce78d24
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_i386.deb
Size/MD5: 1667010 a5bee7d9a0806a8cfc34e9fa630170ee
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_powerpc.deb
Size/MD5: 1721372 63e8981a1811f86885a94ce852d5d692
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.diff.gz
Size/MD5: 63056 504f55111886a4b9374c194fa03f53c8
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.dsc
Size/MD5: 654 82a302b486f65b7a1c7c4cbf44450729
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_amd64.deb
Size/MD5: 805058 7df82bdac6114a8901be677df747ba3e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_amd64.udeb
Size/MD5: 146276 0229d7a37bb97926a600c8adf1d56afe
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_i386.deb
Size/MD5: 750094 e8653aba101299b9964873b097911ed5
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_i386.udeb
Size/MD5: 121180 7576662e8ffd07063b1f349f75cab0d0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_powerpc.deb
Size/MD5: 805618 3a2da610043d28171e839ed0a1c20148
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_powerpc.udeb
Size/MD5: 135250 ae393ff66004dccca13f9245d932218e
Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called "quick scan"; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.
A failure of the quick scan will be determined much faster than a successful one. Mister/Zuccherato demonstrated that this timing difference can be exploited to an attack which allows an attacker to decrypt parts of an encrypted message if an "oracle" is available, i. e. an automatic system that receives random encrypted messages from the attacker and answers whether it passes the quick scan check.
However, since the attack requires a huge amount of oracle answers (about 32.000 for every 16 bytes of ciphertext), this attack is mostly theoretical. It does not have any impact on human operation of gnupg and is not believed to be exploitable in practice.
The updated packages disable the quick check, which renders this timing attack impossible.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.diff.gz
Size/MD5: 56779 535ca76d0ef8e62ca39885695a09b55e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1.dsc
Size/MD5: 619 8fb0039e446c6c43670d1d46dbdcec4f
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4.orig.tar.gz
Size/MD5: 3451202 adfab529010ba55533c8e538c0b042a2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_amd64.deb
Size/MD5: 1721956 c5ad08ee5c515a4704d90995cce78d24
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_i386.deb
Size/MD5: 1667010 a5bee7d9a0806a8cfc34e9fa630170ee
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4-4ubuntu2.1_powerpc.deb
Size/MD5: 1721372 63e8981a1811f86885a94ce852d5d692
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.diff.gz
Size/MD5: 63056 504f55111886a4b9374c194fa03f53c8
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1.dsc
Size/MD5: 654 82a302b486f65b7a1c7c4cbf44450729
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_amd64.deb
Size/MD5: 805058 7df82bdac6114a8901be677df747ba3e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_amd64.udeb
Size/MD5: 146276 0229d7a37bb97926a600c8adf1d56afe
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_i386.deb
Size/MD5: 750094 e8653aba101299b9964873b097911ed5
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_i386.udeb
Size/MD5: 121180 7576662e8ffd07063b1f349f75cab0d0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.1_powerpc.deb
Size/MD5: 805618 3a2da610043d28171e839ed0a1c20148
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.1_powerpc.udeb
Size/MD5: 135250 ae393ff66004dccca13f9245d932218e
