exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 432-2

Ubuntu Security Notice 432-2
Posted Mar 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 432-2 - USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1263
SHA-256 | efd10c3a5bbef4bde937cd14206a894698209116719ed31936c3fa38bf151dd0

Ubuntu Security Notice 432-2

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-432-2 March 13, 2007
gnupg2, gpgme1.0 vulnerability
CVE-2007-1263
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libgpgme11 1.1.0-1ubuntu0.1

Ubuntu 6.10:
gnupg2 1.9.21-0ubuntu5.3
libgpgme11 1.1.2-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-432-1 fixed a vulnerability in GnuPG. This update provides the
corresponding updates for GnuPG2 and the GPGME library.

Original advisory details:

Gerardo Richarte from Core Security Technologies discovered that when
gnupg is used without --status-fd, there is no way to distinguish
initial unsigned messages from a following signed message. An attacker
could inject an unsigned message, which could fool the user into
thinking the message was entirely signed by the original sender.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.0-1ubuntu0.1.diff.gz
Size/MD5: 35741 47d6ee190ee0522b45b96dfea1aec369
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.0-1ubuntu0.1.dsc
Size/MD5: 659 536b60523f53fe45e9a715fee633fb8e
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.0.orig.tar.gz
Size/MD5: 862122 dc180e1c2b3b13cf3b16b9586e8509ac

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.0-1ubuntu0.1_amd64.deb
Size/MD5: 343394 ca1cd44964639c3b1ab517d71f02be7c
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.0-1ubuntu0.1_amd64.deb
Size/MD5: 185096 686c695bf758bdb35eb0277596b5d967

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.0-1ubuntu0.1_i386.deb
Size/MD5: 316162 787bcf93b93d4d846c4278caee3f298a
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.0-1ubuntu0.1_i386.deb
Size/MD5: 164356 a3e2c02f67687ed53c80023159a08513

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.0-1ubuntu0.1_powerpc.deb
Size/MD5: 329614 079a0ad9f7775de82b21bc8cd8b7e96b
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.0-1ubuntu0.1_powerpc.deb
Size/MD5: 178434 1430154f3bda638d607d3d00c9da736c

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.0-1ubuntu0.1_sparc.deb
Size/MD5: 316166 687a5a1e91979f26cf0453315e10aa85
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.0-1ubuntu0.1_sparc.deb
Size/MD5: 169754 90558aac05b3f71c98dcf5e089dfa37b

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3.diff.gz
Size/MD5: 40536 57bef9fd8e37b8d1f0c09c7cb6a1b4b6
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3.dsc
Size/MD5: 839 3830cb1f96959bebba4560bf56cfb865
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_1.9.21.orig.tar.gz
Size/MD5: 2290952 5a609db8ecc661fb299c0dccd84ad503
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.2-2ubuntu0.1.diff.gz
Size/MD5: 582785 ffc28a1ddf242c1434054c611b3e56e7
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.2-2ubuntu0.1.dsc
Size/MD5: 744 59ff64cec62d3259528e4dcb314115b0
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/gpgme1.0_1.1.2.orig.tar.gz
Size/MD5: 881432 c712ca39c3553573f15cd01e6edb8b68

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.3_amd64.deb
Size/MD5: 193872 094402a2b5d64a699a9b8da5f47891f1
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3_amd64.deb
Size/MD5: 787500 8198d070a8589a47f9b0c6893b101d89
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.3_amd64.deb
Size/MD5: 333136 deb90b54b5d8ff98e2f8f3f8a96c4896
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.2-2ubuntu0.1_amd64.deb
Size/MD5: 349736 8b6ba64e232718d85b20e01152d5e0b6
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.2-2ubuntu0.1_amd64.deb
Size/MD5: 188434 7f594bfa7c5a223fbc48dcd5063239f4

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.3_i386.deb
Size/MD5: 176266 4e191490d03c78bb16ae76ffdcc1f4ce
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3_i386.deb
Size/MD5: 738282 f26ac977c08ecc691c5428367b4b1196
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.3_i386.deb
Size/MD5: 304926 124b1f54edc4902ddc9656fb6d56e2eb
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.2-2ubuntu0.1_i386.deb
Size/MD5: 329932 fc9e1af3ae706db0bc106607f6f8c0d3
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.2-2ubuntu0.1_i386.deb
Size/MD5: 174936 c1f8f21e0adf999ea3098b3aaab4882e

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.3_powerpc.deb
Size/MD5: 190746 2da9f0306a14651ece00b85d41700391
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3_powerpc.deb
Size/MD5: 774174 fa48b523bc15d9e3590ff0739bceafb4
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.3_powerpc.deb
Size/MD5: 324472 ef82785a6bdaea9009669d3024f6b0b4
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.2-2ubuntu0.1_powerpc.deb
Size/MD5: 335252 ec105374c75dccf66afcfe154d34387f
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.2-2ubuntu0.1_powerpc.deb
Size/MD5: 182786 915534115d51065f3cfebc2b02b637e7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg-agent_1.9.21-0ubuntu5.3_sparc.deb
Size/MD5: 174274 73230ada924427a5d5fc230b7d625b64
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_1.9.21-0ubuntu5.3_sparc.deb
Size/MD5: 726564 3b0f3eb59acd4157913885ba1461567e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_1.9.21-0ubuntu5.3_sparc.deb
Size/MD5: 297776 8c76049329431405229dce046656b6b6
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11-dev_1.1.2-2ubuntu0.1_sparc.deb
Size/MD5: 323808 8668135508773a2f41fde93153d786ff
http://security.ubuntu.com/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.1.2-2ubuntu0.1_sparc.deb
Size/MD5: 174140 9d305501f27c38e624b95788f6945736

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close