Security Advisory gnupg security update

Advisory: RHSA-2006:0571-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-07-18
Last updated on: 2006-07-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3082

Details

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
gnupg-1.2.1-16.src.rpm
File outdated by:  RHSA-2007:0106		     f173b3d78ec867a2f3111bdf974a274f
 
IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106		     4a09e2928900d8a82c2d783c7eb2d296
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106		     0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Desktop (v. 4)
SRPMS:
gnupg-1.2.6-5.src.rpm
File outdated by:  RHSA-2007:0106		     6cf00ad0b97c9731e07a34adc1965493
 
IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHSA-2007:0106		     47e0360b4534d7220dd01f5dbdf11d72
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHSA-2007:0106		     64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
gnupg-1.0.7-17.src.rpm
File outdated by:  RHSA-2007:0106		     fa7cfe6dfa03fa809e9b2af5147a7d51
 
IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106		     0cc151d11326fd2358805f4586a53184
 
IA-64:
gnupg-1.0.7-17.ia64.rpm
File outdated by:  RHSA-2007:0106		     c1b68462b1b4d696fa9e90e38f6f54d7
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
gnupg-1.2.1-16.src.rpm
File outdated by:  RHSA-2007:0106		     f173b3d78ec867a2f3111bdf974a274f
 
IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106		     4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106		     9e5c54d0ab18653e474d55b7dbf239f4
 
PPC:
gnupg-1.2.1-16.ppc.rpm
File outdated by:  RHSA-2007:0106		     950443789619df4f52cdf43ab0fec80c
 
s390:
gnupg-1.2.1-16.s390.rpm
File outdated by:  RHSA-2007:0106		     7e791472c18454f8f9a0e5efbee1ef87
 
s390x:
gnupg-1.2.1-16.s390x.rpm
File outdated by:  RHSA-2007:0106		     14b9d593377b1e01a1dae543cc1716ad
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106		     0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gnupg-1.2.6-5.src.rpm
File outdated by:  RHSA-2007:0106		     6cf00ad0b97c9731e07a34adc1965493
 
IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHSA-2007:0106		     47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHSA-2007:0106		     8bcbf0ee44c28eda3700601462f8f279
 
PPC:
gnupg-1.2.6-5.ppc.rpm
File outdated by:  RHSA-2007:0106		     b5441d9d4ade66a04f4cdea1ddbdd307
 
s390:
gnupg-1.2.6-5.s390.rpm
File outdated by:  RHSA-2007:0106		     d7b5cfdd8c6f094a296c158922fe9b2e
 
s390x:
gnupg-1.2.6-5.s390x.rpm
File outdated by:  RHSA-2007:0106		     5d50e214254980abd03cd087eacf35bd
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHSA-2007:0106		     64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
gnupg-1.0.7-17.src.rpm
File outdated by:  RHSA-2007:0106		     fa7cfe6dfa03fa809e9b2af5147a7d51
 
IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106		     0cc151d11326fd2358805f4586a53184
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
gnupg-1.2.1-16.src.rpm
File outdated by:  RHSA-2007:0106		     f173b3d78ec867a2f3111bdf974a274f
 
IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106		     4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106		     9e5c54d0ab18653e474d55b7dbf239f4
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106		     0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gnupg-1.2.6-5.src.rpm
File outdated by:  RHSA-2007:0106		     6cf00ad0b97c9731e07a34adc1965493
 
IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHSA-2007:0106		     47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHSA-2007:0106		     8bcbf0ee44c28eda3700601462f8f279
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHSA-2007:0106		     64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
gnupg-1.0.7-17.src.rpm
File outdated by:  RHSA-2007:0106		     fa7cfe6dfa03fa809e9b2af5147a7d51
 
IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106		     0cc151d11326fd2358805f4586a53184
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
gnupg-1.2.1-16.src.rpm
File outdated by:  RHSA-2007:0106		     f173b3d78ec867a2f3111bdf974a274f
 
IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106		     4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106		     9e5c54d0ab18653e474d55b7dbf239f4
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106		     0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gnupg-1.2.6-5.src.rpm
File outdated by:  RHSA-2007:0106		     6cf00ad0b97c9731e07a34adc1965493
 
IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHSA-2007:0106		     47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHSA-2007:0106		     8bcbf0ee44c28eda3700601462f8f279
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHSA-2007:0106		     64689932318e0b756e64d1b4cfd4c850
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
gnupg-1.0.7-17.src.rpm
File outdated by:  RHSA-2007:0106		     fa7cfe6dfa03fa809e9b2af5147a7d51
 
IA-64:
gnupg-1.0.7-17.ia64.rpm
File outdated by:  RHSA-2007:0106		     c1b68462b1b4d696fa9e90e38f6f54d7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

195945 - CVE-2006-3082 gnupg integer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/