lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060626155753.GR29604@piware.de>
Date: Mon, 26 Jun 2006 17:57:53 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-304-1] gnupg vulnerability

=========================================================== 
Ubuntu Security Notice USN-304-1              June 26, 2006
gnupg vulnerability
CVE-2006-3082
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gnupg                          1.2.5-3ubuntu5.4

Ubuntu 5.10:
  gnupg                          1.4.1-1ubuntu1.3

Ubuntu 6.06 LTS:
  gnupg                          1.4.2.2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that GnuPG did not sufficiently check overly
large user ID packets. Specially crafted user IDs caused a buffer
overflow. By tricking an user or remote automated system into
processing a malicous GnuPG message, an attacker could exploit this to
crash GnuPG or possibly even execute arbitrary code.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4.diff.gz
      Size/MD5:    66657 258c3a5166f20a0859a3137a0154e661
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4.dsc
      Size/MD5:      654 7d0e00dfc3d9c8008fa863ad082a8244
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz
      Size/MD5:  3645308 9109ff94f7a502acd915a6e61d28d98a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_amd64.deb
      Size/MD5:   805972 eb80d914280ca0d14e518c2517303fca
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_amd64.udeb
      Size/MD5:   146410 b1fe302ef21bb1b2a861dca1648671c8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_i386.deb
      Size/MD5:   750660 f7799aacd286de91cf1590d47f092fbf
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_i386.udeb
      Size/MD5:   121398 d3908ec7b4a400c372a887ffff90cd5c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_powerpc.deb
      Size/MD5:   806578 76656bbbce1e59dee14a07c4d06c9169
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_powerpc.udeb
      Size/MD5:   135516 57192001042e37f1597cbe8d4cc96397

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3.diff.gz
      Size/MD5:    21031 d2e00314a6319c80e40af374299b3cdb
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3.dsc
      Size/MD5:      684 65b8ffc1c7f51d2920496eddadfb1236
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5:  4059170 1cc77c6943baaa711222e954bbd785e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_amd64.deb
      Size/MD5:  1136302 5b871cea504e1b520ac61ee0ace19452
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_amd64.udeb
      Size/MD5:   152178 97622cf5abc3f4923281d08536f816c0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_i386.deb
      Size/MD5:  1044392 30c94fae4dbc994eed85d226b226a938
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_i386.udeb
      Size/MD5:   130644 216ff1f2393a2dd5bf5c814a5f33ae9f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_powerpc.deb
      Size/MD5:  1119498 67ad3b4a3254334e85bd659e24a65bea
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_powerpc.udeb
      Size/MD5:   140162 38a01b4e3f447f6cd340d6d17b714180

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_sparc.deb
      Size/MD5:  1064176 4e4e2671d46f266792d6693208bd5b34
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_sparc.udeb
      Size/MD5:   139584 9d840a2108b3d999e8b0ad620a262f69

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1.diff.gz
      Size/MD5:    19943 a04a4bdf67d9e86d15c8b89312b455e5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1.dsc
      Size/MD5:      692 90847403acb4d359f8b75ad345985b9d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
      Size/MD5:  4222685 50d8fd9c5715ff78b7db0e5f20d08550

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:  1066042 bb06afba5075ee71763b6391959cd074
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_amd64.udeb
      Size/MD5:   140274 3bfce59e90c5d356c743e0f7612ad2a6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   980840 4c677c20e0684b1271cc6606ab17a923
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_i386.udeb
      Size/MD5:   120298 cb027ca2dac06902a764a40ca2f02fe4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:  1053332 20b7f093e43c9b8ea71c4860d4d312ae
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_powerpc.udeb
      Size/MD5:   130084 5035c386a599e112167cefd04964c911

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_sparc.deb
      Size/MD5:   993688 3aaaa181b7a003539bda014a71296b72
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_sparc.udeb
      Size/MD5:   127372 0f86bc1b29af92d85382e4d7bee4129d


Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ