Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0477 -- [RedHat]
Moderate: gnupg security update
19 July 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gnupg
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Desktop 4
Red Hat Enterprise Linux AS/ES/WS 4
Red Hat Desktop 3
Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Linux Advanced Workstation 2.1
Red Hat Enterprise Linux AS/ES/WS 2.1
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-3082
Ref: ESB-2006.0431
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2006-0571.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: gnupg security update
Advisory ID: RHSA-2006:0571-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0571.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3082
- - ---------------------------------------------------------------------
1. Summary:
An updated GnuPG package that fixes a security issue is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
GnuPG is a utility for encrypting data and creating digital signatures.
An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)
All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
195945 - CVE-2006-3082 gnupg integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm
i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm
ia64:
c1b68462b1b4d696fa9e90e38f6f54d7 gnupg-1.0.7-17.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm
ia64:
c1b68462b1b4d696fa9e90e38f6f54d7 gnupg-1.0.7-17.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm
i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51 gnupg-1.0.7-17.src.rpm
i386:
0cc151d11326fd2358805f4586a53184 gnupg-1.0.7-17.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm
i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm
ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm
ppc:
950443789619df4f52cdf43ab0fec80c gnupg-1.2.1-16.ppc.rpm
90dbe63929e7992bf0c24b43a925b777 gnupg-debuginfo-1.2.1-16.ppc.rpm
s390:
7e791472c18454f8f9a0e5efbee1ef87 gnupg-1.2.1-16.s390.rpm
c17c578799ba3d2996a883f3be7fa76e gnupg-debuginfo-1.2.1-16.s390.rpm
s390x:
14b9d593377b1e01a1dae543cc1716ad gnupg-1.2.1-16.s390x.rpm
31b331a50108e47b15208326609f7670 gnupg-debuginfo-1.2.1-16.s390x.rpm
x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm
i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm
x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm
i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm
ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm
x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f gnupg-1.2.1-16.src.rpm
i386:
4a09e2928900d8a82c2d783c7eb2d296 gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea gnupg-debuginfo-1.2.1-16.i386.rpm
ia64:
9e5c54d0ab18653e474d55b7dbf239f4 gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206 gnupg-debuginfo-1.2.1-16.ia64.rpm
x86_64:
0e9ea49121b053d9a8bc67c50cf70673 gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11 gnupg-debuginfo-1.2.1-16.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm
i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm
ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm
ppc:
b5441d9d4ade66a04f4cdea1ddbdd307 gnupg-1.2.6-5.ppc.rpm
ea1d914777b585a1e41aea1939cefabb gnupg-debuginfo-1.2.6-5.ppc.rpm
s390:
d7b5cfdd8c6f094a296c158922fe9b2e gnupg-1.2.6-5.s390.rpm
3540be56fb0b644f0fefa4d38805109c gnupg-debuginfo-1.2.6-5.s390.rpm
s390x:
5d50e214254980abd03cd087eacf35bd gnupg-1.2.6-5.s390x.rpm
b653dc31175df5d2e2144cbb9a0a7399 gnupg-debuginfo-1.2.6-5.s390x.rpm
x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm
i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm
x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm
i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm
ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm
x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493 gnupg-1.2.6-5.src.rpm
i386:
47e0360b4534d7220dd01f5dbdf11d72 gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6 gnupg-debuginfo-1.2.6-5.i386.rpm
ia64:
8bcbf0ee44c28eda3700601462f8f279 gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556 gnupg-debuginfo-1.2.6-5.ia64.rpm
x86_64:
64689932318e0b756e64d1b4cfd4c850 gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9 gnupg-debuginfo-1.2.6-5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEvLqFXlSAg2UNWIIRAs0GAKDC2yFB6ZYCJxKRVHkr2d+l7gQ5ywCdFzVw
a8vCYa9aPS+QiUSH2gr85Ck=
=gL1L
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRL11Tih9+71yA2DNAQLmbwP/dfwKh6Do+vjSKpCmVJe1Y1kqLEKc9hgZ
EPTCVUgA1dOUdZ0uEOJhrq3N7SE12/jojWDDJNvxmlggI/C2oMhsA8jEy71qMDdQ
nTvTS5Ru5kd3Y2Pp2R696hE1Qo3ow6Mxo9fV/262kFN0eaYHi3TzhZlvrFoYVCPF
Vz0r/i6WKzI=
=jcf1
-----END PGP SIGNATURE-----