Debian Security Advisory

DSA-2076-1 gnupg2 -- use-after-free

Date reported:
2010-07-27
Affected packages:
gnupg2
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 590122.
In Mitre's CVE dictionary: CVE-2010-2547.
More information:

It was discovered that GnuPG 2 used a freed pointer when verifying a signature or importing a certificate with multiple Subject Alternate Names. This could potentially lead to the execution of arbitrary code.

For the stable distribution (Lenny), this problem has been fixed in version 2.0.9-3.1+lenny1.

For the unstable distribution (Sid), this problem has been fixed in version 2.0.14-2.

GnuPG 1 (in the gnupg package) is not affected by this problem.

We recommend that you upgrade your gnupg2 packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1.dsc
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1.diff.gz
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_sparc.deb

MD5 checksums for these files are available in the original advisory.