Skip to navigation

Security Advisory Moderate: gnupg security update

Advisory: RHSA-2013:1458-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-24
Last updated on: 2013-10-24
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-6085
CVE-2013-4242
CVE-2013-4351
CVE-2013-4402

Details

An updated gnupg package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload
cache side-channel attack on the RSA secret exponent. An attacker able to
execute a process on the logical CPU that shared the L3 cache with the
GnuPG process (such as a different local user or a user of a KVM guest
running on the same host with the kernel same-page merging functionality
enabled) could possibly use this flaw to obtain portions of the RSA secret
key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick a
local user into importing a specially crafted public key into their keyring
database, causing the keyring to be corrupted and preventing its further
use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402
issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gnupg-1.4.5-18.el5_10.src.rpm
File outdated by:  RHSA-2014:0016
    MD5: c4c7a1180db496b267890d73f9f69efe
SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
 
IA-32:
gnupg-1.4.5-18.el5_10.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: e020433bceca90d4f17be300d920b98e
SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: 04ec91241adee606ce95a9a00cb4bdd9
SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d
 
IA-64:
gnupg-1.4.5-18.el5_10.ia64.rpm
File outdated by:  RHSA-2014:0016
    MD5: fc9b9d485a31239c1ca89a68b6023945
SHA-256: 3c4509ab41572c8c8933d30355f756a8da67b83a38a0b18afb0c5333001ecd6b
gnupg-debuginfo-1.4.5-18.el5_10.ia64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 8da287f3e9526d0762e99a676bdcf794
SHA-256: 0c53193c3d626ca0288982d3e0feef85f507c945edc7f5cee1230b9389144036
 
PPC:
gnupg-1.4.5-18.el5_10.ppc.rpm
File outdated by:  RHSA-2014:0016
    MD5: 7de6d02429a5646d5e41eea0e5d59731
SHA-256: 31790efbbd1e6cc39202f61200955894e24b992a329ff20f53c60276dae52e6c
gnupg-debuginfo-1.4.5-18.el5_10.ppc.rpm
File outdated by:  RHSA-2014:0016
    MD5: 3a1dce1d93c2313654dd40ddd0259a40
SHA-256: 5161c653fdb63731c5fbf17b66164a8546300b8ff284ecd549cbf9d4cd98b594
 
s390x:
gnupg-1.4.5-18.el5_10.s390x.rpm
File outdated by:  RHSA-2014:0016
    MD5: 989f0d9a45d139a3ffe1be3af6ae77bb
SHA-256: e7b07110b47af9db137ae74dec960faa1385e2f2382c8fb33a0c35a4e73200b8
gnupg-debuginfo-1.4.5-18.el5_10.s390x.rpm
File outdated by:  RHSA-2014:0016
    MD5: dbf31634362c54d4abf24a748d0b4b9c
SHA-256: 050f3563c1991ec5d1e862461e72d8356fdde7b20f63ce4f64f869684c4f1dbe
 
x86_64:
gnupg-1.4.5-18.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 9562bdff0b16c96a72ba1a2bb06238f2
SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 09fb23d3f2f469e58e94d0b12ddaceb7
SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gnupg-1.4.5-18.el5_10.src.rpm
File outdated by:  RHSA-2014:0016
    MD5: c4c7a1180db496b267890d73f9f69efe
SHA-256: 2bf142808cee3be183db87f407df4410e35045abade9b63f5d9b3eb3ac7af49f
 
IA-32:
gnupg-1.4.5-18.el5_10.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: e020433bceca90d4f17be300d920b98e
SHA-256: 3bb2ed136422bfe5156ced65491a9b75a9b9842519b3b7bd83093b1b624a8d60
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: 04ec91241adee606ce95a9a00cb4bdd9
SHA-256: 8664300a2065fc95032de7e80ba8e82c738486970516e7a7912e2797b2461e5d
 
x86_64:
gnupg-1.4.5-18.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 9562bdff0b16c96a72ba1a2bb06238f2
SHA-256: 252436c5f6d56fca4f83f278f66d42984533a860284ee065955f05b24082173c
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 09fb23d3f2f469e58e94d0b12ddaceb7
SHA-256: 89a67d3b7e5048f6a4f0e7060cc9804ec932718006a1032b67aab0e2b6d8c8c4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1010137 - CVE-2013-4351 gnupg: treats no-usage-permitted keys as all-usages-permitted
1015685 - CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser DoS
891142 - CVE-2012-6085 GnuPG: read_block() corrupt key input validation
988589 - CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/