Skip to navigation

Security Advisory gnupg security update

Advisory: RHSA-2006:0615-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-08-02
Last updated on: 2006-08-02
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-3746

Details

Updated GnuPG packages that fix a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3746)

All users of GnuPG are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 65fee1a3a471eb6c8e214ccef7bfe3fe
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 258bae860c6fb917cf800fd3c1a18478
 
Red Hat Desktop (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHBA-2010:0447
    MD5: 55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 41a2ad79f2fe8507b66405400735211a
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106
    MD5: 7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 958a64d9ec82066ab08da445199f6e75
 
IA-64:
gnupg-1.0.7-18.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0eae4ff0de57c02ed733997444eaf7bc
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: c1191a75f9ae45290f1c4524f2496a6c
 
PPC:
gnupg-1.2.1-17.ppc.rpm
File outdated by:  RHSA-2007:0106
    MD5: ce9d270a17b85a449bd6edc71ca6e10b
 
s390:
gnupg-1.2.1-17.s390.rpm
File outdated by:  RHSA-2007:0106
    MD5: 580852ff5bbef0d3a7c24abca0e3610c
 
s390x:
gnupg-1.2.1-17.s390x.rpm
File outdated by:  RHSA-2007:0106
    MD5: e9d583a9471b453ce627e84dca5a9ccc
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHBA-2010:0447
    MD5: 55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: bd78ca4648898a9d78ac79fc81a0b604
 
PPC:
gnupg-1.2.6-6.ppc.rpm
File outdated by:  RHBA-2010:0447
    MD5: 8aa392d26563d4b4654e7a379503614a
 
s390:
gnupg-1.2.6-6.s390.rpm
File outdated by:  RHBA-2010:0447
    MD5: db61ab7f02568b32b6cc898f09f02276
 
s390x:
gnupg-1.2.6-6.s390x.rpm
File outdated by:  RHBA-2010:0447
    MD5: cc2f486af4a032b4aa8663f2b66f5dcd
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106
    MD5: 7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 958a64d9ec82066ab08da445199f6e75
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: c1191a75f9ae45290f1c4524f2496a6c
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHBA-2010:0447
    MD5: 55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: bd78ca4648898a9d78ac79fc81a0b604
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 2df9a26aa1f740d903a223973d815306
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106
    MD5: 7b3112bfc84dafe30c00070c8cb09700
 
IA-32:
gnupg-1.0.7-18.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 958a64d9ec82066ab08da445199f6e75
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
gnupg-1.2.1-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 65fee1a3a471eb6c8e214ccef7bfe3fe
 
IA-64:
gnupg-1.2.1-17.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: c1191a75f9ae45290f1c4524f2496a6c
 
x86_64:
gnupg-1.2.1-17.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 258bae860c6fb917cf800fd3c1a18478
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gnupg-1.2.6-6.src.rpm
File outdated by:  RHBA-2010:0447
    MD5: 55db2b04516f48422fe35be762cfbe80
 
IA-32:
gnupg-1.2.6-6.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 41a2ad79f2fe8507b66405400735211a
 
IA-64:
gnupg-1.2.6-6.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: bd78ca4648898a9d78ac79fc81a0b604
 
x86_64:
gnupg-1.2.6-6.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 2df9a26aa1f740d903a223973d815306
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
gnupg-1.0.7-18.src.rpm
File outdated by:  RHSA-2007:0106
    MD5: 7b3112bfc84dafe30c00070c8cb09700
 
IA-64:
gnupg-1.0.7-18.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0eae4ff0de57c02ed733997444eaf7bc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

200502 - CVE-2006-3746 GnuPG Parse_Comment Remote Buffer Overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/