=========================================================== 
Ubuntu Security Notice USN-393-2          December 07, 2006
gnupg2 vulnerabilities
CVE-2006-6169, CVE-2006-6235
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  gnupg2                                   1.9.21-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg.  This update 
provides the corresponding updates for gnupg2.

Original advisory details:

  A buffer overflow was discovered in GnuPG.  By tricking a user into 
  running gpg interactively on a specially crafted message, an attacker 
  could execute arbitrary code with the user's privileges.  This 
  vulnerability is not exposed when running gpg in batch mode.  
  (CVE-2006-6169)

  Tavis Ormandy discovered that gnupg was incorrectly using the stack.  
  If a user were tricked into processing a specially crafted message, an 
  attacker could execute arbitrary code with the user's privileges.
  (CVE-2006-6235)


Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:    39057 24885457e44f2061c1a2ef98047357d4
          Size/MD5:      839 5786619a42c6768da183ec2c39d70541
          Size/MD5:  2290952 5a609db8ecc661fb299c0dccd84ad503

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   193748 57618f27a79f42a3e9f66705ed0ab151
          Size/MD5:   787166 9641af8af591a9d61c3d9d77144aa320
          Size/MD5:   333002 a6d5f35e4fc7dc4c6a837862b269ddc1

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   176170 3dc1e0b862fbf76905b61b20132812de
          Size/MD5:   737818 ab6d004d7fbf1b0850e6f6f4f09771d4
          Size/MD5:   304798 1d6b309f0690685ffa95d219750033dc

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   190614 16cd71ed4d92b1203806ba50e638e9e0
          Size/MD5:   773762 56903ee4d39929254b3a4ac06a56a2c5
          Size/MD5:   324332 6b9152bd5753f974161c298d6fd6f894

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   174144 2e5e21144005113345e3abeef2b50496
          Size/MD5:   726244 5dc2d8b804a2a5276344b151a46e1346
          Size/MD5:   297640 5c27421fb28c63abac748419a05220bb


--D+UG5SQJKkIYNVx0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFeHorH/9LqRcGPm0RApCbAJwNssfTCtMs+GKF5cpfaY4vmEJH0wCeOfuz
k4PVbiCwtIDvA6RvUpKYPKE=3K74
-----END PGP SIGNATURE-------D+UG5SQJKkIYNVx0--
--==============25060444=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============25060444==--

Ubuntu: GnuPG2 vulnerabilities

December 7, 2006
USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-393-2 December 07, 2006

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved