Security Advisory gnupg security update

Advisory: RHSA-2006:0615-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-08-02
Last updated on: 2006-08-02
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3746

Details

Updated GnuPG packages that fix a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3746)

All users of GnuPG are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
gnupg-1.2.1-17.src.rpm
File outdated by:  RHSA-2007:0106		     698a43061ce89f27bcd46eabd6f51230
 
IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106		     65fee1a3a471eb6c8e214ccef7bfe3fe
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106		     258bae860c6fb917cf800fd3c1a18478
 
Red Hat Desktop (v. 4)
SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHSA-2007:0106		     55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHSA-2007:0106		     41a2ad79f2fe8507b66405400735211a
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHSA-2007:0106		     2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106		     7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106		     958a64d9ec82066ab08da445199f6e75
 
IA-64:
gnupg-1.0.7-18.ia64.rpm
File outdated by:  RHSA-2007:0106		     0eae4ff0de57c02ed733997444eaf7bc
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
gnupg-1.2.1-17.src.rpm
File outdated by:  RHSA-2007:0106		     698a43061ce89f27bcd46eabd6f51230
 
IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106		     65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106		     c1191a75f9ae45290f1c4524f2496a6c
 
PPC:
gnupg-1.2.1-17.ppc.rpm
File outdated by:  RHSA-2007:0106		     ce9d270a17b85a449bd6edc71ca6e10b
 
s390:
gnupg-1.2.1-17.s390.rpm
File outdated by:  RHSA-2007:0106		     580852ff5bbef0d3a7c24abca0e3610c
 
s390x:
gnupg-1.2.1-17.s390x.rpm
File outdated by:  RHSA-2007:0106		     e9d583a9471b453ce627e84dca5a9ccc
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106		     258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHSA-2007:0106		     55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHSA-2007:0106		     41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHSA-2007:0106		     bd78ca4648898a9d78ac79fc81a0b604
 
PPC:
gnupg-1.2.6-6.ppc.rpm
File outdated by:  RHSA-2007:0106		     8aa392d26563d4b4654e7a379503614a
 
s390:
gnupg-1.2.6-6.s390.rpm
File outdated by:  RHSA-2007:0106		     db61ab7f02568b32b6cc898f09f02276
 
s390x:
gnupg-1.2.6-6.s390x.rpm
File outdated by:  RHSA-2007:0106		     cc2f486af4a032b4aa8663f2b66f5dcd
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHSA-2007:0106		     2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106		     7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106		     958a64d9ec82066ab08da445199f6e75
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
gnupg-1.2.1-17.src.rpm
File outdated by:  RHSA-2007:0106		     698a43061ce89f27bcd46eabd6f51230
 
IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106		     65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106		     c1191a75f9ae45290f1c4524f2496a6c
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106		     258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHSA-2007:0106		     55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHSA-2007:0106		     41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHSA-2007:0106		     bd78ca4648898a9d78ac79fc81a0b604
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHSA-2007:0106		     2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106		     7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106		     958a64d9ec82066ab08da445199f6e75
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
gnupg-1.2.1-17.src.rpm
File outdated by:  RHSA-2007:0106		     698a43061ce89f27bcd46eabd6f51230
 
IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106		     65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106		     c1191a75f9ae45290f1c4524f2496a6c
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106		     258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHSA-2007:0106		     55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHSA-2007:0106		     41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHSA-2007:0106		     bd78ca4648898a9d78ac79fc81a0b604
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHSA-2007:0106		     2df9a26aa1f740d903a223973d815306
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106		     7b3112bfc84dafe30c00070c8cb09700
 
IA-64:
gnupg-1.0.7-18.ia64.rpm
File outdated by:  RHSA-2007:0106		     0eae4ff0de57c02ed733997444eaf7bc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

200502 - CVE-2006-3746 GnuPG Parse_Comment Remote Buffer Overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/