drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in gnupg
Name: |
Mangelnde Eingabeprüfung in gnupg |
|
ID: |
USN-264-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Di, 4. April 2006, 10:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049 |
|
Applikationen: |
The GNU Privacy Guard |
|
Originalnachricht |
--===============0857541036== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KlAEzMkarCnErv5Q" Content-Disposition: inline
--KlAEzMkarCnErv5Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-264-1 March 13, 2006 gnupg vulnerability CVE-2006-0049 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
gnupg
The problem can be corrected by upgrading the affected package to version 1.2.4-4ubuntu2.3 (for Ubuntu 4.10), 1.2.5-3ubuntu5.3 (for Ubuntu 5.04), or 1.4.1-1ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part.
Updated packages for Ubuntu 4.10:
Source archives:
gnupg_1.2.4-4ubuntu2.3.diff.gz Size/MD5: 60031 fc55a23607cfac514084704155760cc8 gnupg_1.2.4-4ubuntu2.3.dsc Size/MD5: 621 c0d08dda5a9b2bd3f130b94784082dc5 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.4.orig.tar.gz Size/MD5: 3451202 adfab529010ba55533c8e538c0b042a2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
gnupg_1.2.4-4ubuntu2.3_amd64.deb Size/MD5: 1722782 8556e99b322bdf18ef7bad54329410df
i386 architecture (x86 compatible Intel/AMD)
gnupg_1.2.4-4ubuntu2.3_i386.deb Size/MD5: 1667764 410203ad10b3eb99997faa56950958af
powerpc architecture (Apple Macintosh G3/G4/G5)
gnupg_1.2.4-4ubuntu2.3_powerpc.deb Size/MD5: 1721814 c6038008b123518fbf75f8547e1619a5
Updated packages for Ubuntu 5.04:
Source archives:
gnupg_1.2.5-3ubuntu5.3.diff.gz Size/MD5: 66069 42bba8259f5a074b89da1bb422889f1b gnupg_1.2.5-3ubuntu5.3.dsc Size/MD5: 654 5930a6888f76f726ea7076eff76f14e9 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
gnupg_1.2.5-3ubuntu5.3_amd64.deb Size/MD5: 805910 4d69ba91dd0d2c79b54725d1bd139923 gpgv-udeb_1.2.5-3ubuntu5.3_amd64.udeb Size/MD5: 146442 a603783255829e50e444e859321e0001
i386 architecture (x86 compatible Intel/AMD)
gnupg_1.2.5-3ubuntu5.3_i386.deb Size/MD5: 750516 f8d97e8702866e76ba7b6ea5f946c4f0 gpgv-udeb_1.2.5-3ubuntu5.3_i386.udeb Size/MD5: 121348 1feb52e0c56d73302477a99569147519
powerpc architecture (Apple Macintosh G3/G4/G5)
gnupg_1.2.5-3ubuntu5.3_powerpc.deb Size/MD5: 806396 36ba1f3473c45060151e8f2089261172 gpgv-udeb_1.2.5-3ubuntu5.3_powerpc.udeb Size/MD5: 135406 a92ce4e3384f840cf48dc50de94c9d8d
Updated packages for Ubuntu 5.10:
Source archives:
gnupg_1.4.1-1ubuntu1.2.diff.gz Size/MD5: 20510 acff054f7255a23ce8cd7595a68ca2b8 gnupg_1.4.1-1ubuntu1.2.dsc Size/MD5: 684 70749478363ef5374259a66ef5517bb7 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
gnupg_1.4.1-1ubuntu1.2_amd64.deb Size/MD5: 1136048 31643c8b2e3cfcd8774ad17ceb5e8e0c gpgv-udeb_1.4.1-1ubuntu1.2_amd64.udeb Size/MD5: 152158 b7b70b5ee13b46854b9383b2a280aea0
i386 architecture (x86 compatible Intel/AMD)
gnupg_1.4.1-1ubuntu1.2_i386.deb Size/MD5: 1044172 cdf0e85e58ba4b760741a72c5c7e6603 gpgv-udeb_1.4.1-1ubuntu1.2_i386.udeb Size/MD5: 130664 2719e86828d066102cade3457de20a6a
powerpc architecture (Apple Macintosh G3/G4/G5)
gnupg_1.4.1-1ubuntu1.2_powerpc.deb Size/MD5: 1119252 208607aed4a4b0a4e27dc503e3c2147c gpgv-udeb_1.4.1-1ubuntu1.2_powerpc.udeb Size/MD5: 140140 85387ea67c3ab38f50641fdbfb124ede
--KlAEzMkarCnErv5Q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFEFYFXDecnbV4Fd/IRAvtWAKCGLC3o+4UNmEheRldmMwW9Ape8tgCfQGn2 ZbECfn9QpD/cV/5wMPEwy2A= =SL6a -----END PGP SIGNATURE-----
--KlAEzMkarCnErv5Q--
--===============0857541036== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0857541036==--
|
|
|
|