TUCoPS :: Linux :: Ubuntu :: b06-4021.htm

gnupg vulnerability
gnupg vulnerability
gnupg vulnerability



--fmvA4kSBHQVZhkR6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=========================================================== 
Ubuntu Security Notice USN-332-1            August 03, 2006
gnupg vulnerability
CVE-2006-3746
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gnupg                                    1.2.5-3ubuntu5.5

Ubuntu 5.10:
  gnupg                                    1.4.1-1ubuntu1.4

Ubuntu 6.06 LTS:
  gnupg                                    1.4.2.2-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that gnupg did not sufficiently check the
validity of the comment and a control field. Specially crafted GPG
data could cause a buffer overflow. This could be exploited to execute
arbitrary code with the user's privileges if an attacker can trick an
user into processing a malicious encrypted/signed document with gnupg.


Updated packages for Ubuntu 5.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.diff.gz 
      Size/MD5:    67172 29ae368ce975c0ba45f5f8faab3544eb
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5.dsc 
      Size/MD5:      654 b77427b0e347fd51822fbded59629c39
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz 
      Size/MD5:  3645308 9109ff94f7a502acd915a6e61d28d98a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_amd64.deb 
      Size/MD5:   806304 ed9984ee4c43817ad4bfaac0318dacd2
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_amd64.udeb 
      Size/MD5:   146492 1761ff0057e8c5fc1290bb6fea061fff

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_i386.deb 
      Size/MD5:   750870 327780d0bc5b4492cfb2d91d81ce1e4d
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_i386.udeb 
      Size/MD5:   121414 755b78879ae2ff649831bc4258ec9cd0

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.5_powerpc.deb 
      Size/MD5:   806802 659c72a26c312d0a21dfca0ef8168dc1
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.5_powerpc.udeb 
      Size/MD5:   135552 738c35bc6fce9b6c23a85bcd8e805d31

Updated packages for Ubuntu 5.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.diff.gz 
      Size/MD5:    21517 ce1cea807240a851dc29c0ad1c8e3824
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4.dsc 
      Size/MD5:      684 75bea35501b917876414e63811e4724f
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz 
      Size/MD5:  4059170 1cc77c6943baaa711222e954bbd785e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_amd64.deb 
      Size/MD5:  1136488 845e1771e0f8437a7d77b8ffcdc13b5a
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_amd64.udeb 
      Size/MD5:   152266 3a4de994f65e12058b69eeb3940d8c9f

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_i386.deb 
      Size/MD5:  1044632 f8da3941df01cced12e35fb0c4bf3e53
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_i386.udeb 
      Size/MD5:   130694 3af2232b978645923226a0cb6714475d

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_powerpc.deb 
      Size/MD5:  1119760 3a01f0ee2ba319d6d884b84f82b25f2d
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_powerpc.udeb 
      Size/MD5:   140248 a61c84caeecffb3b3c3207b28a84e8ab

  sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.4_sparc.deb 
      Size/MD5:  1064344 258595b36dd297f5100cc82f59717e54
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.4_sparc.udeb 
      Size/MD5:   139584 58cc4a91254ea52878b4df2873ad22c2

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.diff.gz 
      Size/MD5:    20451 b0c637087a904197f957c32b6364417d
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2.dsc 
      Size/MD5:      692 84098e8a7001961c8141eb8ea4f3dcde
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz 
      Size/MD5:  4222685 50d8fd9c5715ff78b7db0e5f20d08550

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_amd64.deb 
      Size/MD5:  1066284 23f4741e2da976dd050d38c5da08e9f8
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_amd64.udeb 
      Size/MD5:   140296 c53b5fbc2cc73451b72875907cc417c1

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_i386.deb 
      Size/MD5:   981204 ed7bcc9d4a3442efbcac2f4b99a2b57d
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_i386.udeb 
      Size/MD5:   120282 031ef43bea646c9687a8e9d1929ad988

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_powerpc.deb 
      Size/MD5:  1053660 7ee4f7add0d48f056fb0fc964b85b032
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_powerpc.udeb 
      Size/MD5:   130170 fe7a1606cc65d71fce2b7e7f3fab88dc

  sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.2_sparc.deb 
      Size/MD5:   993782 025a2fbe8c4a466b37b2a455226f3876
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.2_sparc.udeb 
      Size/MD5:   127434 2d5a6522372b8c645a2fb5b37bb1e846


--fmvA4kSBHQVZhkR6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0cgFDecnbV4Fd/IRAj9EAJ9swTC6kXC5v01uhoKwhvL1QYPdigCcD1uN
UGFyoz/Z+SUFSFqZT20c/0w=dhN+
-----END PGP SIGNATURE-----

--fmvA4kSBHQVZhkR6--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH