Sicherheit: Ausführen beliebiger Kommandos in GPGME

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0184964678858396013==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="TSX1quLphAFmOsiea7MpHJCJivPTA1XHV"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--TSX1quLphAFmOsiea7MpHJCJivPTA1XHV
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2307-1
August 06, 2014

gpgme1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GPGME could be made to crash or run programs as your login if it processed
a specially crafted certificate.

Software Description:
- gpgme1.0: GPGME - GnuPG Made Easy (library)

Details:

TomÃ¡Å¡ Trnka discovered that GPGME incorrectly handled certain certificate
line lengths. An attacker could use this issue to cause applications using
GPGME to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libgpgme11 1.4.3-0.1ubuntu5.1

Ubuntu 12.04 LTS:
libgpgme11 1.2.0-1.4ubuntu2.1

Ubuntu 10.04 LTS:
libgpgme11 1.2.0-1.2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2307-1
CVE-2014-3564

Package Information:
https://launchpad.net/ubuntu/+source/gpgme1.0/1.4.3-0.1ubuntu5.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.4ubuntu2.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.2ubuntu1.1

--TSX1quLphAFmOsiea7MpHJCJivPTA1XHV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJT4i7tAAoJEGVp2FWnRL6T8zoP+wRiHxeasx3NSC92Z4/9Zemh
ddejOAGIN0eAWaiX4+BUAt0JZiB9u/RU0frG0cj2ssbBHIJP6HPBoGtIUXTBd8I9
MQwNzsDQbi+E/tDc82V7xasOHqJSppbUAr8gm8JAr5z5wkMxGPB9pw4HIVASGX0r
7wP/cM2qS6mW/+EqB1zOCC0s+GQU/jKHnO6Wtqt/I/DP9r3rPl7wmS/W1QnWBkM2
oI1rC1unpOVjcM6CWMlNY/tlLyGRncX0DXsFBm7fh2pIY5sEvdz9GUMsyl6urdpQ
fhpe5DfgwUKdFrttc8yOBKxCjN3d6X7X4GlAhj7g9SgwmE6okzjbCKjLqf3DpJQb
h+XNkz9eqF93HMvnAf6pw1tKKqxsQDn95yVl5EyQoAMD4voQGuy9UF3MxfNQTA1M
g5jj6Yb6a+elJjVu8NVPn7bDGpLSBskBZbN4MnnVc2mS8mPrFAKvYbpjOT+NHqfA
xsgD3SteEfOf6PC/IxvAbAKOed15EQrQLgOAV6PN7ZwZVFPxeRn5uU9l91gY8u2O
nisU7piLW/boMP1PVPawmdlYXwZJOQ4/n4K9BSLkpW7qVAK9lU9PcQFi570jqs5t
s1I9nZIiXT1VRvG0AzdU5ilFpu4MxMR7J7XXjN3Mc5VKC1UtnWyTaALitfFuOfBg
Co6lCMG7I9vSJSX5vGjL
=088u
-----END PGP SIGNATURE-----

--TSX1quLphAFmOsiea7MpHJCJivPTA1XHV--

--===============0184964678858396013==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0184964678858396013==--