             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                   GnuPG Security Update [RHSA-2006:0615-4]

August 2, 2006 17:00 GMT                                          Number Q-266
                                                          [REVISED 04 Aug 2006]
______________________________________________________________________________
PROBLEM:       An integer overflow flaw was found in GnuPG.

PLATFORM:      Red Hat Desktop (v. 3)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 2.1)
               Red Hat Enterprise Linux AS (v. 3)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 2.1)
               Red Hat Enterprise Linux ES (v. 3)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 2.1)
               Red Hat Enterprise Linux WS (v. 3)
               Red Hat Enterprise Linux WS (v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

DAMAGE:        An attacker could create a carefully crafted message packet
               with a large length that could cause GnuPG to crash or
               possibly overwrite memory when opened.

SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An attacker could overwrite memory.
ASSESSMENT:
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-266.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0615.html
 ADDITIONAL LINKS:   Debian Security Advisory 1140-1
                     http://www.debian.org/security/2006/dsa-1140
                     Debian Security Advisory 1141-1
                     http://www.debian.org/security/2006/dsa-1141
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
______________________________________________________________________________
REVISION HISTORY:
08/04/06 - added links to Debian Security Advisories 1140-1 and 1141-1

[***** Start RHSA-2006:0615-4 *****]

Moderate: gnupg security update

Advisory:          RHSA-2006:0615-4
Type:              Security Advisory
Issued on:         2006-08-02
Last updated on:   2006-08-02
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-3746

Details

Updated GnuPG packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3746)

All users of GnuPG are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gnupg-1.2.1-17.src.rpm      698a43061ce89f27bcd46eabd6f51230
IA-32:
gnupg-1.2.1-17.i386.rpm     65fee1a3a471eb6c8e214ccef7bfe3fe
x86_64:
gnupg-1.2.1-17.x86_64.rpm   258bae860c6fb917cf800fd3c1a18478

Red Hat Desktop (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm       55db2b04516f48422fe35be762cfbe80
IA-32:
gnupg-1.2.6-6.i386.rpm      41a2ad79f2fe8507b66405400735211a
x86_64:
gnupg-1.2.6-6.x86_64.rpm    2df9a26aa1f740d903a223973d815306

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm      7b3112bfc84dafe30c00070c8cb09700
IA-32:
gnupg-1.0.7-18.i386.rpm     958a64d9ec82066ab08da445199f6e75
IA-64:
gnupg-1.0.7-18.ia64.rpm     0eae4ff0de57c02ed733997444eaf7bc

Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gnupg-1.2.1-17.src.rpm      698a43061ce89f27bcd46eabd6f51230
IA-32:
gnupg-1.2.1-17.i386.rpm     65fee1a3a471eb6c8e214ccef7bfe3fe
IA-64:
gnupg-1.2.1-17.ia64.rpm     c1191a75f9ae45290f1c4524f2496a6c
PPC:
gnupg-1.2.1-17.ppc.rpm      ce9d270a17b85a449bd6edc71ca6e10b
s390:
gnupg-1.2.1-17.s390.rpm     580852ff5bbef0d3a7c24abca0e3610c
s390x:
gnupg-1.2.1-17.s390x.rpm    e9d583a9471b453ce627e84dca5a9ccc
x86_64:
gnupg-1.2.1-17.x86_64.rpm   258bae860c6fb917cf800fd3c1a18478

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm       55db2b04516f48422fe35be762cfbe80
IA-32:
gnupg-1.2.6-6.i386.rpm      41a2ad79f2fe8507b66405400735211a
IA-64:
gnupg-1.2.6-6.ia64.rpm      bd78ca4648898a9d78ac79fc81a0b604
PPC:
gnupg-1.2.6-6.ppc.rpm       8aa392d26563d4b4654e7a379503614a
s390:
gnupg-1.2.6-6.s390.rpm      db61ab7f02568b32b6cc898f09f02276
s390x:
gnupg-1.2.6-6.s390x.rpm     cc2f486af4a032b4aa8663f2b66f5dcd
x86_64:
gnupg-1.2.6-6.x86_64.rpm    2df9a26aa1f740d903a223973d815306

Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm      7b3112bfc84dafe30c00070c8cb09700
IA-32:
gnupg-1.0.7-18.i386.rpm     958a64d9ec82066ab08da445199f6e75

Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gnupg-1.2.1-17.src.rpm      698a43061ce89f27bcd46eabd6f51230
IA-32:
gnupg-1.2.1-17.i386.rpm     65fee1a3a471eb6c8e214ccef7bfe3fe
IA-64:
gnupg-1.2.1-17.ia64.rpm     c1191a75f9ae45290f1c4524f2496a6c
x86_64:
gnupg-1.2.1-17.x86_64.rpm   258bae860c6fb917cf800fd3c1a18478

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm       55db2b04516f48422fe35be762cfbe80
IA-32:
gnupg-1.2.6-6.i386.rpm      41a2ad79f2fe8507b66405400735211a
IA-64:
gnupg-1.2.6-6.ia64.rpm      bd78ca4648898a9d78ac79fc81a0b604
x86_64:
gnupg-1.2.6-6.x86_64.rpm    2df9a26aa1f740d903a223973d815306

Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm      7b3112bfc84dafe30c00070c8cb09700
IA-32:
gnupg-1.0.7-18.i386.rpm     958a64d9ec82066ab08da445199f6e75

Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gnupg-1.2.1-17.src.rpm      698a43061ce89f27bcd46eabd6f51230
IA-32:
gnupg-1.2.1-17.i386.rpm     65fee1a3a471eb6c8e214ccef7bfe3fe
IA-64:
gnupg-1.2.1-17.ia64.rpm     c1191a75f9ae45290f1c4524f2496a6c
x86_64:
gnupg-1.2.1-17.x86_64.rpm   258bae860c6fb917cf800fd3c1a18478

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm       55db2b04516f48422fe35be762cfbe80
IA-32:
gnupg-1.2.6-6.i386.rpm      41a2ad79f2fe8507b66405400735211a
IA-64:
gnupg-1.2.6-6.ia64.rpm      bd78ca4648898a9d78ac79fc81a0b604
x86_64:
gnupg-1.2.6-6.x86_64.rpm    2df9a26aa1f740d903a223973d815306

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
gnupg-1.0.7-18.src.rpm      7b3112bfc84dafe30c00070c8cb09700
IA-64:
gnupg-1.0.7-18.ia64.rpm     0eae4ff0de57c02ed733997444eaf7bc

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

200502 - CVE-2006-3746 GnuPG Parse_Comment Remote Buffer Overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
http://www.redhat.com/security/updates/classification/#moderate

[***** End RHSA-2006:0615-4 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency
of the United States Government. Neither the United States Government
nor the University of California nor any of their employees, makes any
warranty, express or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, apparatus, product, or process disclosed, or represents
that its use would not infringe privately owned rights. Reference herein
to any specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation or favoring by the United
States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California,
and shall not be used for advertising or product endorsement purposes.
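As an added, defender-side example (not part of the CIAC or Red Hat text): a small Python script that tells whether an installed gnupg package is at or above the fixed build listed in the RHSA-2006:0615-4 package table, using a simplified rpmvercmp, and checks a downloaded RPM's MD5 sum against the advisory's list. The fixed versions and MD5 sums are copied from the advisory; the product-line keys ("2.1", "3", "4"), the function names and the assumption that the input is the `name-version-release[.arch]` string printed by `rpm -q gnupg` are this example's own.

```python
"""Check an installed gnupg RPM against the fixed builds in RHSA-2006:0615-4
and verify a downloaded package against the advisory's MD5 table.
Added example; fixed versions and MD5 sums copied from the advisory,
everything else (function names, product keys) is an assumption of this script."""
import hashlib
import os
import re
from itertools import zip_longest

# Fixed gnupg builds per product line (version, release), from the advisory table.
FIXED_BUILDS = {
    "2.1": ("1.0.7", "18"),  # RHEL AS/ES/WS 2.1, Advanced Workstation 2.1
    "3":   ("1.2.1", "17"),  # RHEL AS/ES/WS 3, Red Hat Desktop 3
    "4":   ("1.2.6", "6"),   # RHEL AS/ES/WS 4, Red Hat Desktop 4
}

# MD5 sums of the source and IA-32 packages, copied from the advisory.
ADVISORY_MD5 = {
    "gnupg-1.0.7-18.src.rpm":  "7b3112bfc84dafe30c00070c8cb09700",
    "gnupg-1.0.7-18.i386.rpm": "958a64d9ec82066ab08da445199f6e75",
    "gnupg-1.2.1-17.src.rpm":  "698a43061ce89f27bcd46eabd6f51230",
    "gnupg-1.2.1-17.i386.rpm": "65fee1a3a471eb6c8e214ccef7bfe3fe",
    "gnupg-1.2.6-6.src.rpm":   "55db2b04516f48422fe35be762cfbe80",
    "gnupg-1.2.6-6.i386.rpm":  "41a2ad79f2fe8507b66405400735211a",
}

_ARCHES = "i386|i686|ia64|ppc|s390x|s390|x86_64|noarch|src"
_NVR_RE = re.compile(
    r"(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+?)"
    rf"(?:\.(?P<arch>{_ARCHES}))?(?:\.rpm)?"
)


def parse_nvr(nvr):
    """Split 'gnupg-1.2.1-17', 'gnupg-1.2.1-17.i386' or a .rpm filename into (name, version, release)."""
    m = _NVR_RE.fullmatch(nvr.strip())
    if not m:
        raise ValueError(f"not a name-version-release string: {nvr!r}")
    return m.group("name"), m.group("ver"), m.group("rel")


def _segments(s):
    # rpm compares runs of digits numerically and runs of letters lexically.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1 as a is older than, equal to or newer than b."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1  # a is a prefix of b, so b is newer
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            xv, yv = int(x), int(y)
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        else:
            xv, yv = x, y
        if xv != yv:
            return 1 if xv > yv else -1
    return 0


def is_fixed(installed, product):
    """True if `installed` (output of `rpm -q gnupg`) is at or above the fixed build for `product`."""
    name, ver, rel = parse_nvr(installed)
    if name != "gnupg":
        raise ValueError(f"expected a gnupg package, got {name!r}")
    fixed_ver, fixed_rel = FIXED_BUILDS[product]
    c = rpm_vercmp(ver, fixed_ver)
    if c == 0:
        c = rpm_vercmp(rel, fixed_rel)
    return c >= 0


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def verify_package_bytes(filename, data):
    """True if the bytes of a downloaded RPM match the advisory MD5 for that filename;
    raises KeyError for a filename the (partial) table does not list."""
    return md5_hex(data) == ADVISORY_MD5[filename]


def verify_package_file(path):
    with open(path, "rb") as f:
        return verify_package_bytes(os.path.basename(path), f.read())


if __name__ == "__main__":
    import subprocess
    import sys
    product = sys.argv[1] if len(sys.argv) > 1 else "3"  # e.g. "3" for RHEL 3 / Desktop 3
    out = subprocess.run(["rpm", "-q", "gnupg"], capture_output=True, text=True, check=True).stdout
    installed = out.splitlines()[0]
    state = "fixed" if is_fixed(installed, product) else "VULNERABLE (CVE-2006-3746)"
    print(f"{installed}: {state}")
```

Run it as `python3 check_gnupg.py 4` on a RHEL 4 host to classify the installed package; `verify_package_file` is for the case where an RPM was fetched outside up2date and its checksum should be matched against the advisory before installation. The comparison deliberately checks version first and release second, so a later upstream version (or a later errata release of the same version) also counts as fixed.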
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-256: Adobe Acrobat Buffer Overflow Vulnerability
Q-257: PHP Security Update
Q-258: Mozilla (now SeaMonkey), Firefox, Thunderbird Security Vulnerabilities
Q-259: Seamonkey Security Update
Q-260: Security Vulnerability With Sun N1 Grid Engine Daemons
Q-261: Ethereal Several Vulnerabilities
Q-262: Sitebar Missing Input Validation
Q-263: Apache Buffer Overflow
Q-264: Security Vulnerability on Sun Fire T2000
Q-265: Apple Security Update