[RHSA-2006:0571-01] Moderate: gnupg security update

Tue Jul 18 10:40:15 UTC 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg security update
Advisory ID:       RHSA-2006:0571-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0571.html
Issue date:        2006-07-18
Updated on:        2006-07-18
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3082 
- ---------------------------------------------------------------------

1. Summary:

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG.  An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

195945 - CVE-2006-3082 gnupg integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51  gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184  gnupg-1.0.7-17.i386.rpm

ia64:
c1b68462b1b4d696fa9e90e38f6f54d7  gnupg-1.0.7-17.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51  gnupg-1.0.7-17.src.rpm

ia64:
c1b68462b1b4d696fa9e90e38f6f54d7  gnupg-1.0.7-17.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51  gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184  gnupg-1.0.7-17.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
fa7cfe6dfa03fa809e9b2af5147a7d51  gnupg-1.0.7-17.src.rpm

i386:
0cc151d11326fd2358805f4586a53184  gnupg-1.0.7-17.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f  gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296  gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea  gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4  gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206  gnupg-debuginfo-1.2.1-16.ia64.rpm

ppc:
950443789619df4f52cdf43ab0fec80c  gnupg-1.2.1-16.ppc.rpm
90dbe63929e7992bf0c24b43a925b777  gnupg-debuginfo-1.2.1-16.ppc.rpm

s390:
7e791472c18454f8f9a0e5efbee1ef87  gnupg-1.2.1-16.s390.rpm
c17c578799ba3d2996a883f3be7fa76e  gnupg-debuginfo-1.2.1-16.s390.rpm

s390x:
14b9d593377b1e01a1dae543cc1716ad  gnupg-1.2.1-16.s390x.rpm
31b331a50108e47b15208326609f7670  gnupg-debuginfo-1.2.1-16.s390x.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673  gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11  gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f  gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296  gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea  gnupg-debuginfo-1.2.1-16.i386.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673  gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11  gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f  gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296  gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea  gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4  gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206  gnupg-debuginfo-1.2.1-16.ia64.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673  gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11  gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
f173b3d78ec867a2f3111bdf974a274f  gnupg-1.2.1-16.src.rpm

i386:
4a09e2928900d8a82c2d783c7eb2d296  gnupg-1.2.1-16.i386.rpm
585875422f491242ad70dba461de85ea  gnupg-debuginfo-1.2.1-16.i386.rpm

ia64:
9e5c54d0ab18653e474d55b7dbf239f4  gnupg-1.2.1-16.ia64.rpm
e9b95b54d37687b4450ab049305c3206  gnupg-debuginfo-1.2.1-16.ia64.rpm

x86_64:
0e9ea49121b053d9a8bc67c50cf70673  gnupg-1.2.1-16.x86_64.rpm
46437be7724be2a7116e97006dccee11  gnupg-debuginfo-1.2.1-16.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493  gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72  gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6  gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279  gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556  gnupg-debuginfo-1.2.6-5.ia64.rpm

ppc:
b5441d9d4ade66a04f4cdea1ddbdd307  gnupg-1.2.6-5.ppc.rpm
ea1d914777b585a1e41aea1939cefabb  gnupg-debuginfo-1.2.6-5.ppc.rpm

s390:
d7b5cfdd8c6f094a296c158922fe9b2e  gnupg-1.2.6-5.s390.rpm
3540be56fb0b644f0fefa4d38805109c  gnupg-debuginfo-1.2.6-5.s390.rpm

s390x:
5d50e214254980abd03cd087eacf35bd  gnupg-1.2.6-5.s390x.rpm
b653dc31175df5d2e2144cbb9a0a7399  gnupg-debuginfo-1.2.6-5.s390x.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850  gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9  gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493  gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72  gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6  gnupg-debuginfo-1.2.6-5.i386.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850  gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9  gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493  gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72  gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6  gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279  gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556  gnupg-debuginfo-1.2.6-5.ia64.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850  gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9  gnupg-debuginfo-1.2.6-5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
6cf00ad0b97c9731e07a34adc1965493  gnupg-1.2.6-5.src.rpm

i386:
47e0360b4534d7220dd01f5dbdf11d72  gnupg-1.2.6-5.i386.rpm
c3a7f32d81cbf830f9143646288d04a6  gnupg-debuginfo-1.2.6-5.i386.rpm

ia64:
8bcbf0ee44c28eda3700601462f8f279  gnupg-1.2.6-5.ia64.rpm
0e8ac80c56798191601ba554fad08556  gnupg-debuginfo-1.2.6-5.ia64.rpm

x86_64:
64689932318e0b756e64d1b4cfd4c850  gnupg-1.2.6-5.x86_64.rpm
45ccc6c12630ca9ac199edfc97b75fe9  gnupg-debuginfo-1.2.6-5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEvLqFXlSAg2UNWIIRAs0GAKDC2yFB6ZYCJxKRVHkr2d+l7gQ5ywCdFzVw
a8vCYa9aPS+QiUSH2gr85Ck=
=gL1L
-----END PGP SIGNATURE-----