=========================================================== Ubuntu Security Notice USN-393-2 December 07, 2006 gnupg2 vulnerabilities CVE-2006-6169, CVE-2006-6235 ===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: gnupg2 1.9.21-0ubuntu5.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update provides the corresponding updates for gnupg2. Original advisory details: A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode. (CVE-2006-6169) Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges. (CVE-2006-6235) Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.diff.gz Size/MD5: 39057 24885457e44f2061c1a2ef98047357d4 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2.dsc Size/MD5: 839 5786619a42c6768da183ec2c39d70541 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21.orig.tar.gz Size/MD5: 2290952 5a609db8ecc661fb299c0dccd84ad503 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_amd64.deb Size/MD5: 193748 57618f27a79f42a3e9f66705ed0ab151 http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_amd64.deb Size/MD5: 787166 9641af8af591a9d61c3d9d77144aa320 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_amd64.deb Size/MD5: 333002 a6d5f35e4fc7dc4c6a837862b269ddc1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_i386.deb Size/MD5: 176170 3dc1e0b862fbf76905b61b20132812de http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_i386.deb Size/MD5: 737818 ab6d004d7fbf1b0850e6f6f4f09771d4 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_i386.deb Size/MD5: 304798 1d6b309f0690685ffa95d219750033dc powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_powerpc.deb Size/MD5: 190614 16cd71ed4d92b1203806ba50e638e9e0 http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_powerpc.deb Size/MD5: 773762 56903ee4d39929254b3a4ac06a56a2c5 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_powerpc.deb Size/MD5: 324332 6b9152bd5753f974161c298d6fd6f894 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.2_sparc.deb Size/MD5: 174144 2e5e21144005113345e3abeef2b50496 http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.2_sparc.deb Size/MD5: 726244 5dc2d8b804a2a5276344b151a46e1346 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.2_sparc.deb Size/MD5: 297640 5c27421fb28c63abac748419a05220bb
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/