Bug 37841 - gnupg: Multiple issues (4.0)
gnupg: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P2 normal (vote)
: UCS 4.0-1-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-18 19:58 CET by Arvid Requate
Modified: 2015-03-25 16:39 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-02-18 19:58:35 CET
CVE-2015-1606: use after free when using non-standard keyring
CVE-2015-1607: memcpy with overlapping ranges when using non-standard keyring
Comment 1 Moritz Muehlenhoff univentionstaff 2015-03-03 06:44:18 CET
Side-channel attack on El-Gamal keys (CVE-2014-3591)
Side-channel attack in the mpi_pow() function (CVE-2015-0837)
Comment 2 Moritz Muehlenhoff univentionstaff 2015-03-13 11:24:49 CET
(In reply to Arvid Requate from comment #0)
> CVE-2015-1607: memcpy with overlapping ranges when using non-standard keyring

This won't be fixed in Debian stable; the patch is very intrusive and the impact of the security bug is marginal (only triggerable when importing malformed keyring data). As such, it won't be fixed in UCS either.
Comment 3 Janek Walkenhorst univentionstaff 2015-03-19 18:02:21 CET
Tests (i386): OK
Advisory: 2015-03-19-gnupg.yaml
Comment 4 Philipp Hahn univentionstaff 2015-03-20 15:01:45 CET
OK: apt-cache policy gnupg # 1.4.12-7.66.201503191340
OK: aptitude install '?source-package(gnupg)?installed' # i386 #amd64
OK: zless /usr/share/doc/gnupg/changelog.Debian.gz
OK: gpg --dearmor <debian/patches/CVE-2015-1606.patch >./FILE ; gpg --no-default-keyring --keyring ./FILE --export >/dev/null
  OLD: gpg: Segmentation fault caught ... exiting
  NEW: gpg: skipped packet of type 11 in keyring
OK: CVE-2015-1606 CVE-2014-3591 CVE-2015-0837
OK: 2015-03-19-gnupg.yaml
OK: errata-announce -V 2015-03-19-gnupg.yaml
Comment 5 Janek Walkenhorst univentionstaff 2015-03-25 16:39:56 CET
<http://errata.univention.de/ucs/4.0/137.html>