drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in gnupg
Name: |
Pufferüberlauf in gnupg
|
|
ID: |
DSA-061-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian potato |
|
Datum: |
So, 17. Juni 2001, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
The GNU Privacy Guard |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
------------------------------------------------------------------------ Debian Security Advisory DSA-061-1 security@debian.org http://www.debian.org/security/ Wichert Akkerman June 16, 2001 ------------------------------------------------------------------------
Package : gnupg Problem type : printf format attack web of trust pollution Debian-specific: no
The version of GnuPG (GNU Privacy Guard, an OpenPGP implementation) as distributed in Debian GNU/Linux 2.2 suffers from two problems:
fish stiqz reported on bugtraq that there was a printf format problem in the do_get() function: it printed a prompt which included the filename that was being decrypted without checking for possible printf format attacks. This could be exploited by tricking someone into decrypting a file with a specially crafted filename.
The second bug is related to importing secret keys: when gnupg imported a secret key it would immediately make the associated public key fully trusted which changes your web of trust without asking for a confirmation. To fix this you now need a special option to import a secret key.
Both problems have been fixed in version 1.0.6-0potato1.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
Debian GNU/Linux 2.2 alias potato ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives: gnupg_1.0.6-0potato1.diff.gz MD5 checksum: 4928a4a589c11cadea852347d23edf5a gnupg_1.0.6-0potato1.dsc MD5 checksum: e6057febed9106dfc9f77fb61fbd0ca4 gnupg_1.0.6.orig.tar.gz MD5 checksum: 7c319a9e5e70ad9bc3bf0d7b5008a508
Alpha architecture: gnupg_1.0.6-0potato1_alpha.deb MD5 checksum: 76c3f586b91bba1c69a6fb6ea93a2fbd
ARM architecture: gnupg_1.0.6-0potato1_arm.deb MD5 checksum: 84a47897a38f44b07180e9a9ec16ab49
Intel IA-32 architecture: gnupg_1.0.6-0potato1_i386.deb MD5 checksum: d3a91ccc9d1c951b80afe17e59190db3
Motorola 680x0 architecture: gnupg_1.0.6-0potato1_m68k.deb MD5 checksum: 6b12f23b3c3840574af826db147ed9cd
PowerPC architecture: gnupg_1.0.6-0potato1_powerpc.deb MD5 checksum: a5a9bffdce2abf112c2058097f48f784
Sun Sparc architecture: gnupg_1.0.6-0potato1_sparc.deb MD5 checksum: 487c0d605ff5b3fdce2212d4e9c07bf0
These packages will be moved into the stable distribution on its next revision.
For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
-- ---------------------------------------------------------------------------- apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv
iQB1AwUBOyud7KjZR/ntlUftAQGn2AL9EYSvg7znskCLx5eY/mOjz3QQnDSEFXlj V8GSUZaSVpm5kNcb19pZIgfJEZe60CQIDesdnb8M7YaKyT65sFha+8yJvaVWsy+H 5Mp/lBEW8B3qvNYtScF6/XoXKpymOD2E =918n -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|