exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 432-1

Ubuntu Security Notice 432-1
Posted Mar 9, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 432-1 - Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1263
SHA-256 | b20afc54d5ee0271c49512ca07738acf7c820aafc428e8929919d4c440074d7c

Ubuntu Security Notice 432-1

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-432-1 March 08, 2007
gnupg vulnerability
CVE-2007-1263
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
gnupg 1.4.1-1ubuntu1.7

Ubuntu 6.06 LTS:
gnupg 1.4.2.2-1ubuntu2.5

Ubuntu 6.10:
gnupg 1.4.3-2ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Gerardo Richarte from Core Security Technologies discovered that when
gnupg is used without --status-fd, there is no way to distinguish
initial unsigned messages from a following signed message. An attacker
could inject an unsigned message, which could fool the user into
thinking the message was entirely signed by the original sender.


Updated packages for Ubuntu 5.10:

Source archives:

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7.diff.gz
Size/MD5: 25425 95c70d62c7e93b0a294250f1ef8bffbc
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7.dsc
Size/MD5: 684 80528a24f59f9dc0063a6640d49d2879
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7_amd64.deb
Size/MD5: 1136974 ab221f5e755ffcb88f9db8be00d2b78c
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.7_amd64.udeb
Size/MD5: 152330 4babe71c8a3f93bcc1169dfc60e47b89

i386 architecture (x86 compatible Intel/AMD)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7_i386.deb
Size/MD5: 1045290 eeb54cf2e3b201b2c813507b537dae81
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.7_i386.udeb
Size/MD5: 130812 86c1ee88f32bf5e4a35144d22e42024b

powerpc architecture (Apple Macintosh G3/G4/G5)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7_powerpc.deb
Size/MD5: 1120350 8c0a11b1b29093e2a6fc198d93bee8f0
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.7_powerpc.udeb
Size/MD5: 140330 8bf6e199e1ed859d65f015f8f5a6fe05

sparc architecture (Sun SPARC/UltraSPARC)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.7_sparc.deb
Size/MD5: 1065120 25a911b1644da3be8880221f002f8563
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.7_sparc.udeb
Size/MD5: 139740 80e9a3c9748f918745c5417ea64ce06a

Updated packages for Ubuntu 6.06 LTS:

Source archives:

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5.diff.gz
Size/MD5: 24318 aa78ecc4d9dd51b8d4084e152093e6be
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5.dsc
Size/MD5: 690 460f793de7cea304ac0e038bf4e8f348
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
Size/MD5: 4222685 50d8fd9c5715ff78b7db0e5f20d08550

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5_amd64.deb
Size/MD5: 1066892 bebab8ec7afe738b426e080f10af9c37
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.5_amd64.udeb
Size/MD5: 140414 8b9f2ca68439062984c4314ba5c0e2d8

i386 architecture (x86 compatible Intel/AMD)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5_i386.deb
Size/MD5: 981952 bd95db0369ba517b3f29ec132676fcc5
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.5_i386.udeb
Size/MD5: 120392 188d1f1cb3ec385c444e623d9efcadde

powerpc architecture (Apple Macintosh G3/G4/G5)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5_powerpc.deb
Size/MD5: 1054420 0da3379c332cb3786933861ec66c9478
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.5_powerpc.udeb
Size/MD5: 130262 c528d3f517f94a50ecd06a10b5767c84

sparc architecture (Sun SPARC/UltraSPARC)

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.5_sparc.deb
Size/MD5: 994884 159220ec1a5c667a073e13e63380fd49
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.5_sparc.udeb
Size/MD5: 127548 755511f26f78dd7744434601d684404b

Updated packages for Ubuntu 6.10:

Source archives:

https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3.diff.gz
Size/MD5: 29804 2f3b7d22a447212c871a1ca6ff754df7
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3.dsc
Size/MD5: 697 54eb12ebf5f4426abe78eb286c32ec35
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3.orig.tar.gz
Size/MD5: 4320394 fcdf572a33dd037653707b128dd150a7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

https://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.3_amd64.udeb
Size/MD5: 380186 ac0b24986f64b7be4da102509f86ea27
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3_amd64.deb
Size/MD5: 1112634 339bb8b52507096e2a1f9cb75864629f
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.3_amd64.udeb
Size/MD5: 142772 a460f38f4669944e3c8cdbff531b4a41

i386 architecture (x86 compatible Intel/AMD)

https://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.3_i386.udeb
Size/MD5: 357730 08dee030fef6b31ba21b92d56b134cad
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3_i386.deb
Size/MD5: 1056104 826246d40bdd92c0b04a0c0d385e4a64
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.3_i386.udeb
Size/MD5: 129176 8d173c26de67072948c7f34dfceb75ae

powerpc architecture (Apple Macintosh G3/G4/G5)

https://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.3_powerpc.udeb
Size/MD5: 372730 c3dd8be3260d14e82a4af95f37c6616d
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3_powerpc.deb
Size/MD5: 1107684 1a8a6be788ab4afd0c33483f5faa6a1f
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.3_powerpc.udeb
Size/MD5: 136440 ee71f2b32e7e085488e134ba68f89122

sparc architecture (Sun SPARC/UltraSPARC)

https://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.3_sparc.udeb
Size/MD5: 366290 90570b1dafeb0a01862c5768579564a3
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.3_sparc.deb
Size/MD5: 1042784 e8b19dfe7705afbde9c54b223e44dcba
https://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.3_sparc.udeb
Size/MD5: 132868 edc923da480a84aa4d060c8d7be58be2

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close