=========================================================== Ubuntu Security Notice USN-304-1 June 26, 2006 gnupg vulnerability CVE-2006-3082 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: gnupg 1.2.5-3ubuntu5.4 Ubuntu 5.10: gnupg 1.4.1-1ubuntu1.3 Ubuntu 6.06 LTS: gnupg 1.4.2.2-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4.diff.gz Size/MD5: 66657 258c3a5166f20a0859a3137a0154e661 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4.dsc Size/MD5: 654 7d0e00dfc3d9c8008fa863ad082a8244 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5.orig.tar.gz Size/MD5: 3645308 9109ff94f7a502acd915a6e61d28d98a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_amd64.deb Size/MD5: 805972 eb80d914280ca0d14e518c2517303fca http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_amd64.udeb Size/MD5: 146410 b1fe302ef21bb1b2a861dca1648671c8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_i386.deb Size/MD5: 750660 f7799aacd286de91cf1590d47f092fbf http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_i386.udeb Size/MD5: 121398 d3908ec7b4a400c372a887ffff90cd5c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.2.5-3ubuntu5.4_powerpc.deb Size/MD5: 806578 76656bbbce1e59dee14a07c4d06c9169 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.2.5-3ubuntu5.4_powerpc.udeb Size/MD5: 135516 57192001042e37f1597cbe8d4cc96397 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3.diff.gz Size/MD5: 21031 d2e00314a6319c80e40af374299b3cdb http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3.dsc Size/MD5: 684 65b8ffc1c7f51d2920496eddadfb1236 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_amd64.deb Size/MD5: 1136302 5b871cea504e1b520ac61ee0ace19452 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_amd64.udeb Size/MD5: 152178 97622cf5abc3f4923281d08536f816c0 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_i386.deb Size/MD5: 1044392 30c94fae4dbc994eed85d226b226a938 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_i386.udeb Size/MD5: 130644 216ff1f2393a2dd5bf5c814a5f33ae9f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_powerpc.deb Size/MD5: 1119498 67ad3b4a3254334e85bd659e24a65bea http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_powerpc.udeb Size/MD5: 140162 38a01b4e3f447f6cd340d6d17b714180 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.3_sparc.deb Size/MD5: 1064176 4e4e2671d46f266792d6693208bd5b34 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.3_sparc.udeb Size/MD5: 139584 9d840a2108b3d999e8b0ad620a262f69 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1.diff.gz Size/MD5: 19943 a04a4bdf67d9e86d15c8b89312b455e5 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1.dsc Size/MD5: 692 90847403acb4d359f8b75ad345985b9d http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz Size/MD5: 4222685 50d8fd9c5715ff78b7db0e5f20d08550 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_amd64.deb Size/MD5: 1066042 bb06afba5075ee71763b6391959cd074 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_amd64.udeb Size/MD5: 140274 3bfce59e90c5d356c743e0f7612ad2a6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_i386.deb Size/MD5: 980840 4c677c20e0684b1271cc6606ab17a923 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_i386.udeb Size/MD5: 120298 cb027ca2dac06902a764a40ca2f02fe4 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_powerpc.deb Size/MD5: 1053332 20b7f093e43c9b8ea71c4860d4d312ae http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_powerpc.udeb Size/MD5: 130084 5035c386a599e112167cefd04964c911 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.1_sparc.deb Size/MD5: 993688 3aaaa181b7a003539bda014a71296b72 http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.1_sparc.udeb Size/MD5: 127372 0f86bc1b29af92d85382e4d7bee4129d