Debian: New GnuPG packages fix denial of service

    Date10 Jul 2006
    CategoryDebian
    4426
    Posted ByLinuxSecurity Advisories
    Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1107-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    July 10th, 2006                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : gnupg
    Vulnerability  : integer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2006-3082
    
    Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free
    PGP replacement contains an integer overflow that can cause a
    segmentation fault and possibly overwrite memory via a large user ID
    strings.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 1.0.6-4woody6.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.4.1-1.sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.4.3-2.
    
    We recommend that you upgrade your gnupg package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.dsc
          Size/MD5 checksum:      577 40a60f7ff8a7c36e4ffb308caa350e70
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.diff.gz
          Size/MD5 checksum:     8597 add04b0a8c391de7134cca7c943d15d9
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
          Size/MD5 checksum:  1941676 7c319a9e5e70ad9bc3bf0d7b5008a508
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_alpha.deb
          Size/MD5 checksum:  1151184 3c46ca0e7a42f819619ba2a021a38eb9
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_arm.deb
          Size/MD5 checksum:   987554 843109424859d6a1006898419d6d642e
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_i386.deb
          Size/MD5 checksum:   966904 8ffd681040a2d466389f058e25ae29ae
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_ia64.deb
          Size/MD5 checksum:  1272488 5dcf85dd73bd2015438fd995a16762e5
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_hppa.deb
          Size/MD5 checksum:  1060316 22496f4150fd2334f7504deff0c474a1
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_m68k.deb
          Size/MD5 checksum:   942994 bc7eede5abdcbe721ff81a5e242ebfb6
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mips.deb
          Size/MD5 checksum:  1036510 5e5824568a6a4b50851513c27db5a139
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mipsel.deb
          Size/MD5 checksum:  1036966 792c1f9b0f61349001a789b08bf862d8
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_powerpc.deb
          Size/MD5 checksum:  1010208 6f1b3a058b7afab16a35ccba4d6b107e
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_s390.deb
          Size/MD5 checksum:  1002808 80b5ca38f239a23c8e2119b39966279b
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_sparc.deb
          Size/MD5 checksum:  1003856 aa89804a111cdbede9845a8eb179f9d2
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.dsc
          Size/MD5 checksum:      680 006a79b9793ba193aa227850c11984dd
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.diff.gz
          Size/MD5 checksum:    20197 488b0289778532beb0608b8dca7982a7
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
          Size/MD5 checksum:  4059170 1cc77c6943baaa711222e954bbd785e5
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_alpha.deb
          Size/MD5 checksum:  2155794 cb1d024d2cae8c132bafe3422a2d1b3e
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_amd64.deb
          Size/MD5 checksum:  1963478 d0d3432b4b5968d2f837414b4202afe9
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_arm.deb
          Size/MD5 checksum:  1899338 b670611700f39489ea99517eb50678a9
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_i386.deb
          Size/MD5 checksum:  1908580 0f8623e8b3a59e9c8101fa2f7c23f576
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_ia64.deb
          Size/MD5 checksum:  2325178 fb8ba4735f0769f7c21e974321bd7c89
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_hppa.deb
          Size/MD5 checksum:  2003982 14149a1cee79407a1f99e5ae340dd501
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_m68k.deb
          Size/MD5 checksum:  1811020 dc751374cc6f994782e7de9ed5fd77ea
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mips.deb
          Size/MD5 checksum:  2000688 0d44abe0cc416c06d63699a6c77b232d
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mipsel.deb
          Size/MD5 checksum:  2007524 e59ad95cf552d2a4cb31a11b4db50147
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_powerpc.deb
          Size/MD5 checksum:  1957934 62443926a7a4fe049e62a8515a0ecb27
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_s390.deb
          Size/MD5 checksum:  1967012 a6b8d7173799fc57e46456a305f97d78
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_sparc.deb
          Size/MD5 checksum:  1897410 6f793e910bb6a793c96c875059626914
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":51.32,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.47,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"26","type":"x","order":"3","pct":34.21,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.