-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                      ESB-2006.0477 -- [RedHat]
                   Moderate: gnupg security update
                             19 July 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              gnupg
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux Desktop 4
                      Red Hat Enterprise Linux AS/ES/WS 4
                      Red Hat Desktop 3
                      Red Hat Enterprise Linux AS/ES/WS 3
                      Red Hat Linux Advanced Workstation 2.1
                      Red Hat Enterprise Linux AS/ES/WS 2.1
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3082

Ref:                  ESB-2006.0431

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2006-0571.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg security update
Advisory ID:       RHSA-2006:0571-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0571.html
Issue date:        2006-07-18
Updated on:        2006-07-18
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3082
- - ---------------------------------------------------------------------

1. Summary:

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

195945 - CVE-2006-3082 gnupg integer overflow

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEvLqFXlSAg2UNWIIRAs0GAKDC2yFB6ZYCJxKRVHkr2d+l7gQ5ywCdFzVw
a8vCYa9aPS+QiUSH2gr85Ck=
=gL1L
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRL11Tih9+71yA2DNAQLmbwP/dfwKh6Do+vjSKpCmVJe1Y1kqLEKc9hgZ
EPTCVUgA1dOUdZ0uEOJhrq3N7SE12/jojWDDJNvxmlggI/C2oMhsA8jEy71qMDdQ
nTvTS5Ru5kd3Y2Pp2R696hE1Qo3ow6Mxo9fV/262kFN0eaYHi3TzhZlvrFoYVCPF
Vz0r/i6WKzI=
=jcf1
-----END PGP SIGNATURE-----
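
The failure mode named in the Problem description (a packet whose declared length is large enough to overflow an integer), as an added C example that is not code from GnuPG, Red Hat or AusCERT. It assumes a constructed 4-byte-length packet layout rather than OpenPGP framing; `MAX_BODY`, `unchecked_alloc_size` and `parse_packet` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed packet layout (an assumption, not OpenPGP framing):
 * 4-byte big-endian body length, followed by the body bytes. */
#define MAX_BODY (1u << 20) /* hypothetical policy cap for this example */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Allocation size an unchecked parser computes in 32 bits: body plus a
 * terminating NUL. A declared length of 0xFFFFFFFF wraps it to 0, so the
 * buffer would be far smaller than the copy that follows. */
uint32_t unchecked_alloc_size(uint32_t body_len) {
    return body_len + 1u;
}

/* Hardened parser: returns a NUL-terminated copy of the body, or NULL when
 * the declared length exceeds the cap or the bytes actually present. */
char *parse_packet(const uint8_t *buf, size_t buf_len) {
    if (buf_len < 4) return NULL;               /* no room for the header */
    uint32_t body_len = read_be32(buf);
    if (body_len > MAX_BODY) return NULL;       /* bound before arithmetic */
    if (body_len > buf_len - 4) return NULL;    /* length lies about input */
    char *out = malloc((size_t)body_len + 1);   /* cannot wrap: <= cap + 1 */
    if (out == NULL) return NULL;
    memcpy(out, buf + 4, body_len);
    out[body_len] = '\0';
    return out;
}

int main(void) {
    const uint8_t ok[] = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};   /* constructed */
    const uint8_t huge[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};         /* constructed */
    char *body = parse_packet(ok, sizeof ok);
    printf("valid packet body: %s\n", body ? body : "(rejected)");
    printf("unchecked size for 0xFFFFFFFF: %u\n",
           (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("oversized packet: %s\n",
           parse_packet(huge, sizeof huge) ? "accepted" : "rejected");
    free(body);
    return 0;
}
```

The two length checks run before any size arithmetic, which is what keeps the allocation and the copy in agreement.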