Login
Newsletter
Werbung

Sicherheit: Denial of Service in GnuPG
Aktuelle Meldungen Distributionen
Name: Denial of Service in GnuPG
ID: USN-1682-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Mi, 9. Januar 2013, 22:57
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
Applikationen: The GNU Privacy Guard

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============3694039476354426311==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig9E64EC18A5528BB972257D38"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9E64EC18A5528BB972257D38
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1682-1
January 09, 2013

gnupg, gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

GnuPG could be made to corrupt the keyring if it imported a specially
crafted key.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

KB Sriram discovered that GnuPG incorrectly handled certain malformed keys.
If a user or automated system were tricked into importing a malformed key,
the GnuPG keyring could become corrupted.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
gnupg 1.4.11-3ubuntu4.1
gnupg2 2.0.17-2ubuntu3.1

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.2
gnupg2 2.0.17-2ubuntu2.12.04.2

Ubuntu 11.10:
gnupg 1.4.11-3ubuntu1.11.10.2
gnupg2 2.0.17-2ubuntu2.11.10.2

Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.2
gnupg2 2.0.14-1ubuntu1.5

Ubuntu 8.04 LTS:
gnupg 1.4.6-2ubuntu5.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1682-1
CVE-2012-6085

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu4.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu3.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.2
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.2
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu1.11.10.2
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.11.10.2
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.2
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.5
https://launchpad.net/ubuntu/+source/gnupg/1.4.6-2ubuntu5.2



--------------enig9E64EC18A5528BB972257D38
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ7dKgAAoJEGVp2FWnRL6TgawP/R9Cmr3sn0nxFiXyH+qoltnB
dramVorS3CCAvaJUGeVuoPelB4dWcB/V0HNXrZjpcFo4EJISpyh1FTACcrNBrjn5
cEySPp82BP80hHHpyayvKgIA/+cEIHob7G4UiATIesrgRDpFQByjr8W2VupuHoj1
Ph5WgVlmv/WgeBU1RYgRWceM1csL7nD0P2XBj6unzvPf1vPaPP3iwVsuO6dgsFAJ
BvYxdL4u+idS+ILC9LhSXri33fMuEYvQNZpxnQjDzET0WKb5SFwwY+CNH4qAjOm6
E6OT3R29swflt/JhxtWDSGjn0SBJiaS8miNP4HW5wcuSX8Yq2fGPSChzYMqSklbd
m2bZ3+ro5E/1eyN65AO9D7QbVpexA3saLbTf03OKvkWaTTCI040C8/c24sycTDqq
7wvWGeqggCTK097+1wmumiiooAFU5STPrDNGy6imusCxbpo8DDuVRJb5skir0mvF
Zv/uoHiDZ18SF+ppHnzUlfshpawAhWnTrpMxfQ/PwXua+RFrEq0xIXkHe8RiUqni
MNV4OahOpn/ezFFcHI3CGkYLv2CP2KZsDYqERAVt8yT86xJinBQTDNPOOIZOKqvJ
UPy5+bt6z8I0CewMy0LCzfIHRAJ8vK4krt6MZdSjaf5SNs1kP4fq8GH4mNRyJkyM
w/9HpglkZuiz3N56+XjN
=AS1M
-----END PGP SIGNATURE-----

--------------enig9E64EC18A5528BB972257D38--


--===============3694039476354426311==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============3694039476354426311==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung