
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 22.04 LTS: USN-5503-1 Critical GnuPG Forged Signature Threat

GnuPG could allow forged signatures.

=========================================================================
Ubuntu Security Notice USN-5503-1
July 05, 2022

gnupg2 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

GnuPG could allow forged signatures.

Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  gnupg 2.2.27-3ubuntu2.1
  gnupg2 2.2.27-3ubuntu2.1
  gpg 2.2.27-3ubuntu2.1

Ubuntu 21.10:
  gnupg 2.2.20-1ubuntu4.1
  gnupg2 2.2.20-1ubuntu4.1
  gpg 2.2.20-1ubuntu4.1

Ubuntu 20.04 LTS:
  gnupg 2.2.19-3ubuntu2.2
  gnupg2 2.2.19-3ubuntu2.2
  gpg 2.2.19-3ubuntu2.2

Ubuntu 18.04 LTS:
  gnupg 2.2.4-1ubuntu1.6
  gnupg2 2.2.4-1ubuntu1.6
  gpg 2.2.4-1ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5503-1
  CVE-2022-34903

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.1
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.20-1ubuntu4.1
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.19-3ubuntu2.2
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.6

Critical GnuPG flaw permits counterfeit signatures across various Ubuntu iterations. Protect your system by performing an immediate update!

Ubuntu Security Update, GPG vulnerability, GnuPG patch, forged signatures.

Severity: Critical. LinuxSecurity.com Team

Jul 05, 2022 Critical Ubuntu

SUSE: 2018:1698-1 Critical Update for gpg2 Decryption Issue Resolved

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1698-1
Rating: important
References: #1096745
Cross-References: CVE-2018-12020
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gpg2 fixes the following security issue:

- CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1141=1
- SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1141=1
- SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1141=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1141=1
- SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1141=1
- SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1141=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1141=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1141=1
- SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1141=1
- SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1141=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE OpenStack Cloud 7 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP3 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Server 12-LTSS (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE Enterprise Storage 4 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- SUSE Enterprise Storage 4 (noarch): gpg2-lang-2.0.24-9.3.1
- SUSE CaaS Platform ALL (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64): gpg2-2.0.24-9.3.1 gpg2-debuginfo-2.0.24-9.3.1 gpg2-debugsource-2.0.24-9.3.1

References:
  https://www.suse.com/security/cve/CVE-2018-12020.html
  https://bugzilla.suse.com/1096745

SUSE

A vital patch has been released to tackle a significant vulnerability in gpg2, bolstering the overall security and reliability of the system.

gpg2 Update, SUSE Security Update, OpenStack patch, Important Security Fix.

Severity: Important. LinuxSecurity.com Team

Jun 15, 2018 Important SuSE

Fedora 26: 2017-856a149a4c Critical: Thunderbird-Enigmail Security Issue

Update to 1.9.9. This release addresses security vulnerabilities discovered by Cure53. Details can be found in the Security Audit Report: https://enigmail.net/index.php/en/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-856a149a4c
2017-12-30 18:09:27.613215
--------------------------------------------------------------------------------

Name        : thunderbird-enigmail
Product     : Fedora 26
Version     : 1.9.9
Release     : 1.fc26
URL         : https://enigmail.net/index.php/en/
Summary     : Authentication and encryption extension for Mozilla Thunderbird
Description : Enigmail is an extension to the mail client Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG

--------------------------------------------------------------------------------
Update Information:

Update to 1.9.9. This release addresses security vulnerabilities discovered by Cure53. Details can be found in the Security Audit Report: https://enigmail.net/index.php/en/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1528403 - thunderbird-enigmail: Multiple flaws fixed in 1.9.9 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528403
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade thunderbird-enigmail'

at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Fedora Users: An important Thunderbird-Enigmail update is here to address security vulnerabilities found by Cure53. Enhance your email encryption's safety now.

Thunderbird Update, Enigmail Security, Fedora Software Fix, GnuPG Extension.

Severity: Critical. LinuxSecurity.com Team

Dec 30, 2017 Critical Fedora

Fedora: Critical GPG Signature Bypass Issue Reported in 2021-045

When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This problem is [More...].

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: gpg
Announcement ID: SUSE-SA:2007:024
Date: Fri, 30 Mar 2007 13:00:00 +0000
Affected Products:
  SUSE LINUX 9.3
  SUSE LINUX 10.0
  SUSE LINUX 10.1
  openSUSE 10.2
  UnitedLinux 1.0
  SuSE Linux Enterprise Server 8
  SuSE Linux Openexchange Server 4
  SuSE Linux Desktop 1.0
  SuSE Linux Standard Server 8
  SuSE Linux School Server
  SUSE LINUX Retail Solution 8
  SUSE SLES 9
  Novell Linux Desktop 9
  Open Enterprise Server
  Novell Linux POS 9
  SUSE SLED 10
  SUSE SLES 10
Vulnerability Type: signature bypassing
Severity (1-10): 5
SUSE Default Package: yes
Cross-References: CVE-2007-1263

Content of This Advisory:
  1) Security Vulnerability Resolved: gpg signature bypassing
     Problem Description
  2) Solution or Work-Around
  3) Special Instructions and Notes
  4) Package Location and Checksums
  5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
  6) Authenticity Verification and Additional Information
______________________________________________________________________________

1) Problem Description and Brief Discussion

When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't.

This problem is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one.

gpg2 and various clients using GPG to check digital signatures are affected too, but will be fixed separately.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

None.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv

to apply the update, replacing with the filename of the downloaded RPM package.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

  UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  Open Enterprise Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  Novell Linux POS 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SuSE Linux School Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SUSE SLES 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SUSE SLED 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
  SUSE SLES 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html
______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file and run the command

gpg --verify

replacing with the name of the file where you saved the announcement. The output for a valid signature looks like:

gpg: Signature made using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team "

where is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

rpm -v --checksig

to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

md5sum

after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed, the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list.
  - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list.

A security notice regarding GPG for SUSE highlights a signature evasion vulnerability, with corrective updates now provided.

SUSE GPG Update, Signature Bypass Issue, Software Security Fix.

Severity: Critical. LinuxSecurity.com Team

Mar 30, 2007 Critical SuSE

SUSE: 2006:075 Moderate: GPG Remote Code Execution Threat

Two security problems were fixed in the GNU Privacy Guard (GPG).

- Specially crafted files could overflow a buffer when gpg was used in interactive mode (CVE-2006-6169).
- Specially crafted files could modify a function pointer and could potentially execute code this way. (CVE-2006-6235).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: gpg,gpg2
Announcement ID: SUSE-SA:2006:075
Date: Wed, 13 Dec 2006 12:00:00 +0000
Affected Products:
  Novell Linux Desktop 9
  Novell Linux POS 9
  Open Enterprise Server
  openSUSE 10.2
  SUSE LINUX 10.1
  SUSE LINUX 10.0
  SUSE LINUX 9.3
  SuSE Linux Desktop 1.0
  SuSE Linux Enterprise Server 8
  SuSE Linux Openexchange Server 4
  SUSE LINUX Retail Solution 8
  SuSE Linux School Server
  SuSE Linux Standard Server 8
  SUSE SLED 10
  SUSE SLES 10
  SUSE SLES 9
  UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-6169, CVE-2006-6235

Content of This Advisory:
  1) Security Vulnerability Resolved: two security problems in GPG
     Problem Description
  2) Solution or Work-Around
  3) Special Instructions and Notes
  4) Package Location and Checksums
  5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
  6) Authenticity Verification and Additional Information
______________________________________________________________________________

1) Problem Description and Brief Discussion

Two security problems were fixed in the GNU Privacy Guard (GPG).

- Specially crafted files could overflow a buffer when gpg was used in interactive mode (CVE-2006-6169).
- Specially crafted files could modify a function pointer and could potentially execute code this way. (CVE-2006-6235).

Update for all SUSE Linux based products have been released.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

None.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv

to apply the update, replacing with the filename of the downloaded RPM package.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

  UnitedLinux 1.0
  SuSE Linux Openexchange Server 4
  Open Enterprise Server
  Novell Linux POS 9
  SuSE Linux Enterprise Server 8
  SuSE Linux Standard Server 8
  SuSE Linux School Server
  SUSE LINUX Retail Solution 8
  SuSE Linux Desktop 1.0
  SUSE SLES 9
    http://support.novell.com/techcenter/psdb/440643b5b7f99c513f043f911ca9d906.html

  Novell Linux Desktop 9
  SUSE SLES 10
  SUSE SLED 10
    http://support.novell.com/techcenter/psdb/440643b5b7f99c513f043f911ca9d906.html
    http://support.novell.com/techcenter/psdb/d29d6e06422f5a6d9e87580b666bbb83.html
______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file and run the command

gpg --verify

replacing with the name of the file where you saved the announcement. The output for a valid signature looks like:

gpg: Signature made using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team "

where is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

rpm -v --checksig

to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

md5sum

after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed, the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list.
  - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list.

SUSE releases a security advisory for GPG tackling vulnerabilities linked to remote code execution, along with critical update instructions.

remote code execution, GPG update, SUSE security advisory, buffer overflow, software patching.

Severity: Important. LinuxSecurity.com Team

Dec 13, 2006 Important SuSE

SUSE: 2006-013 Critical: GPG Signature Problems - Remote Code Execution

This is a reissue of SUSE-SA:2006:009, after we found out that also This is a reissue of SUSE-SA:2006:009, after we found out that also gpg version < 1.4.x are affected by the signature checking problem gpg version < 1.4.x are affected by the signature checking problem of CVE-2006-0455. With certain handcraft-able signatures GPG was returning a 0 (valid signature) when used on command-line with o [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: gpg,liby2util Announcement ID: SUSE-SA:2006:013 Date: Wed, 01 Mar 2006 11:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE LINUX 9.1 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 SUSE LINUX Enterprise Server 9 UnitedLinux 1.0 Open Enterprise Server 1 Novell Linux Desktop 9 Vulnerability Type: remote code execution Severity (1-10): 9 SUSE Default Package: yes Cross-References: CVE-2006-0455, CVE-2006-0803 Content of This Advisory: 1) Security Vulnerability Resolved: gpg signature checking problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This is a reissue of SUSE-SA:2006:009, after we found outthat also gpg version < 1.4.x are affected by the signature checking problem of CVE-2006-0455. With certain handcraft-able signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This could make automated checkers, like for instance the patch file verification checker of the YaST Online Update, pass malicious patch files as correct and allow remote code execution. 
This is tracked by the Mitre CVE ID CVE-2006-0455. Also, the YaST Online Update script signature verification had used a feature which was not meant to be used for signature verification, making it possible to supply any kind of script which would be considered correct. This would also allow code execution. This issue is tracked by the Mitre CVE ID CVE-2006-0803. Both attacks require an attacker either manipulating a YaST Online Update mirror or manipulating the network traffic between the mirror and your machine. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes None. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. 
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement.
All SUSE security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify

replacing with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team "

where is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package need to be verified to ensure that it has not been tampered with.

There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

    rpm -v --checksig

to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from [address protected] with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

    md5sum

after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by [address protected]), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

- SUSE runs two security mailing lists to which any interested party may subscribe:

[address protected]
    - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to .

[address protected]
    - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to .

For general information or the frequently asked questions (FAQ), send mail to or .

====================================================================
SUSE's security contact is or . The public key is listed below.
====================================================================

SUSE Security Patch for gpg and liby2util resolves critical signature verification vulnerabilities impacting various releases.

Severity: Critical. LinuxSecurity.com Team

Mar 01, 2006 Critical SuSE

SUSE Security Announcement 2003-049: High Risk Gpg Code Execution Threat

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: gpg
Announcement-ID: SuSE-SA:2003:048
Date: Wednesday, December 3rd 2003 15:15 MET
Affected products:
    7.3, 8.0, 8.1, 8.2, 9.0
    SuSE Linux Enterprise Server 7, 8
    SuSE Linux Database Server,
    SuSE eMail Server III, 3.1
    SuSE Linux Firewall on CD/Admin host
    SuSE Linux Connectivity Server
    SuSE Linux Office Server
    SuSE Linux Desktop 1.0
    SuSE Linux School Server
    SuSE Linux Standard Server 8
Vulnerability Type: cryptographic compromise, remote cmd execution
Severity (1-10): 5
SUSE default package: yes
Cross References: CAN-2003-0971
                  http://www.gnupg.org/

Content of this advisory:
    1) security vulnerability resolved: gpg
       problem description, discussion, solution and upgrade information
    2) pending vulnerabilities, solutions, workarounds:
       - kernel
    3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

The gnupg (the SUSE package is named gpg) package is the most widely used software for cryptographic encryption/decryption of data.

Two independent errors have been found in gpg (GnuPG) packages as shipped with SUSE products:

A) A format string error in the client code that does key retrieval from a (public) key server
B) A cryptographic error in gpg that results in a compromise of a cryptographic keypair if ElGamal signing keys have been used for generating the key.

A) There exists a format string error in the client code for key retrieval from a keyserver. gpg-1.2.x version packages are affected by this vulnerability. The format string error can be used by an attacker performing a man-in-the-middle-attack between you and your keyserver, or by a compromised keyserver. The result is a crash of gpg or a potential execution of arbitrary code provided by the attacker, if the keyserver is used for key retrieval at the time of the attack.

B) Werner Koch, the author of the gpg package, has publicly announced a weakness in gpg that has been reported to him by Phong Nguyen: ElGamal signing keys can be attacked within seconds to reveal the private key of the keypair. It is strongly advised that ElGamal signing keys should be revoked immediately. Only ElGamal keys are affected, other types are not vulnerable.

To find out if you are using an ElGamal signing key, list your public keys using the command

    gpg --list-keys your_keyid

Example:

    $ gpg --list-keys build@suse.de
    pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
    sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
    $

If your key lists a capital "G" after the key's length (like in pub 1536G/...), then your key is vulnerable. A small letter "g" after the key length does NOT indicate any problem. ElGamal keys can be used for primary keys as well as for subkeys. In the case where only a subkey is an ElGamal key, it is sufficient to revoke this specific subkey.

To revoke a key, generate a revocation certificate using the following command:

    gpg --gen-revoke your_keyid > revocation_certificate.pgp

Then, the revocation certificate must be imported into your keyring:

    gpg --import < revocation_certificate.pgp

As your last action, send the key with its revocation certificate to the keyservers that know your key:

    gpg --keyserver wwwkeys.eu.pgp.net --send-keys your_keyid

ElGamal keys can only be generated by gpg if a special option (--expert) has been used to reveal "expert" options, and if a warning has been ignored after your choice to use ElGamal keys. Such keys are rare (Werner Koch reports 848 primary ElGamal signing keys and 324 vulnerable subkeys on the keyservers.). Therefore, we expect that only experienced users of gpg may be vulnerable to the ElGamal signing key error.

UPDATES:

The nature of the ElGamal error implies that a possible compromise was made possible with the generation of the key in the past already. There is no way that an update package can prevent the compromise. However, the update packages that we provide prevent the use of ElGamal signing keys for key generation once the packages are installed.

SUSE Linux 8.1 and before contain a gpg package of version 1.0.x (vulnerable to the ElGamal signing key bug only), a version of 1.2.x has been shipped with SUSE Linux 8.2 and 9.0 (vulnerable to both errors). We provide update packages that fix both vulnerabilities, meaning that only the packages affected by both vulnerabilities are being updated. For this reason, there are only update packages for SuSE Linux 8.2 and SUSE LINUX 9.0 available for download.

Important Note:

A proper installation of the gpg update package is critical for future updates on your system. The gpg program is being used by YaST Online Update (YOU) to verify the authenticity of your update package. A failure of a signature verification will result in a failure of the installation of update packages.
Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

______________________________________________________________________________

2) Pending vulnerabilities in SUSE Distributions and Workarounds:

- kernel: brk() vulnerability

All SUSE Linux kernels (except for the SUSE Linux Enterprise Server 8) are vulnerable to a privilege escalation vulnerability that can be exploited by an attacker who has local shell access to your system. We are in the process of testing the update packages for all of our products. The packages are expected to be released within hours and are being published as they are ready. Please follow the guidelines in the announcement about the kernel that follows this announcement.

______________________________________________________________________________

3) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package.
There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

1) execute the command

    md5sum

after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key [address protected]), the checksums show proof of the authenticity of the package. We recommend against subscribing to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software.

Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command

    rpm -v --checksig

to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file.

Prerequisites:

a) gpg is installed
b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):

    gpg --batch; gpg < announcement.txt | gpg --import

SUSE Linux distributions version 7.1 and thereafter install the key "[address protected]" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SUSE runs two security mailing lists to which any interested party may subscribe:

[address protected]
    - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to .

[address protected]
    - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to .

For general information or the frequently asked questions (faq) send mail to: or respectively.

====================================================================
SUSE's security contact is or . The public key is listed below.
====================================================================

SUSE Security Notification regarding gpg vulnerabilities poses a potential remote command execution threat stemming from cryptographic weaknesses.

Severity: Important. LinuxSecurity.com Team
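The capital-"G" check from the SuSE-SA:2003:048 advisory above, as an added example that is not part of the advisory or of GnuPG: a shell function that scans a key listing and reports every ElGamal signing key, and whether the primary key or only a subkey has to be revoked. It goes beyond the advisory by also reading `gpg --with-colons` output, where OpenPGP algorithm number 20 is the ElGamal sign+encrypt type; the function name, the report format and all key IDs other than the advisory's own sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the advisory. Letter codes in the legacy listing:
# "G" = ElGamal sign+encrypt (vulnerable), "g" = ElGamal encrypt-only, "D" = DSA.

# Reads a key listing on stdin and prints one line per vulnerable key:
#   <pub|sub> <bits> <keyid> primary=<keyid> action=<revoke-primary|revoke-subkey>
find_elgamal_signing_keys() {
    awk '
    function report(kind, bits, id,    action) {
        action = (kind == "pub") ? "revoke-primary" : "revoke-subkey"
        printf "%s %s %s primary=%s action=%s\n", kind, bits, id, primary, action
    }
    # Machine-readable listing (gpg --with-colons): field 3 = key length,
    # field 4 = OpenPGP algorithm number (20 = ElGamal sign+encrypt),
    # field 5 = key ID.
    /^(pub|sub):/ {
        split($0, f, ":")
        if (f[1] == "pub") primary = f[5]
        if (f[4] == "20") report(f[1], f[3], f[5])
        next
    }
    # Legacy human-readable listing, the format shown in the advisory:
    #   pub 1024D/9C800ACA 2000-10-19 ...
    $1 ~ /^(pub|sub)$/ && $2 ~ /^[0-9]+[A-Za-z]\/[0-9A-Fa-f]+$/ {
        split($2, part, "/")
        letter = substr(part[1], length(part[1]), 1)
        bits = substr(part[1], 1, length(part[1]) - 1)
        if ($1 == "pub") primary = part[2]
        if (letter == "G") report($1, bits, part[2])
        next
    }'
}

# Listing quoted in the advisory: DSA primary key with an encrypt-only subkey.
ADVISORY_SAMPLE='pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]'

# Constructed listings (users and key IDs are made up for this example).
CONSTRUCTED_LEGACY='pub  1536G/AAAA1111 2001-01-01 Constructed User One
sub  1536g/AAAA2222 2001-01-01
pub  1024D/BBBB2222 2002-02-02 Constructed User Two
sub  2048G/CCCC3333 2002-02-02'
CONSTRUCTED_COLONS='pub:u:1024:17:1111111122222222:2000-10-19:::u:Constructed User Three:
sub:u:2048:20:3333333344444444:2000-10-19::::::'

for sample in "$ADVISORY_SAMPLE" "$CONSTRUCTED_LEGACY" "$CONSTRUCTED_COLONS"; do
    printf '%s\n' "$sample" | find_elgamal_signing_keys
done
```

On a live keyring the same function can be fed from `gpg --list-keys --with-colons`; an empty result means no ElGamal signing key was found.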

Dec 03, 2003 Important SuSE

Gentoo: 202905-12 High Security Vulnerability in gpg Setgid Exposed

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06
- - ---------------------------------------------------------------------

PACKAGE : gnupg
SUMMARY : gpg setgid
DATE : 2003-07-19 14:27 UTC
EXPLOIT : local
VERSIONS AFFECTED : =gnupg-1.2.2-r1
CVE :

- - ---------------------------------------------------------------------

gpg needs to be setuid to make use of protected memory space, however the setgid bit allowed a gpg user to overwrite files writable by group root, and is therefore unnecessary.

SOLUTION

It is recommended that all Gentoo Linux users who are running app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows

    emerge sync
    emerge gnupg
    emerge clean

- - ---------------------------------------------------------------------
[address protected] - GnuPG key is available at [address protected]
- - ---------------------------------------------------------------------

Severity: Critical. LinuxSecurity.com Team

Jul 19, 2003 Critical Gentoo