Bug 37841 – gnupg: Multiple issues (4.0)

Bug 37841 - gnupg: Multiple issues (4.0)


Summary:	gnupg: Multiple issues (4.0)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P2 normal (vote)
Target Milestone:	UCS 4.0-1-errata
Assigned To:	Janek Walkenhorst
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-02-18 19:58 CET by Arvid Requate
Modified:	2015-03-25 16:39 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-02-18 19:58:35 CET

CVE-2015-1606: use after free when using non-standard keyring
CVE-2015-1607: memcpy with overlapping ranges when using non-standard keyring

Comment 1 Moritz Muehlenhoff

2015-03-03 06:44:18 CET

Side-channel attack on El-Gamal keys (CVE-2014-3591)
Side-channel attack in the mpi_pow() function (CVE-2015-0837)

Comment 2 Moritz Muehlenhoff

2015-03-13 11:24:49 CET

(In reply to Arvid Requate from comment #0)
> CVE-2015-1607: memcpy with overlapping ranges when using non-standard keyring

This won't be fixed in Debian stable; the patch is very intrusive and the impact of the security bug is marginal (only triggerable when importing malformed keyring data). As such, it won't be fixed in UCS either.

Comment 3 Janek Walkenhorst

2015-03-19 18:02:21 CET

Tests (i386): OK
Advisory: 2015-03-19-gnupg.yaml

Comment 4 Philipp Hahn

2015-03-20 15:01:45 CET

OK: apt-cache policy gnupg # 1.4.12-7.66.201503191340
OK: aptitude install '?source-package(gnupg)?installed' # i386 #amd64
OK: zless /usr/share/doc/gnupg/changelog.Debian.gz
OK: gpg --dearmor <debian/patches/CVE-2015-1606.patch >./FILE ; gpg --no-default-keyring --keyring ./FILE --export >/dev/null
  OLD: gpg: Segmentation fault caught ... exiting
  NEW: gpg: skipped packet of type 11 in keyring
OK: CVE-2015-1606 CVE-2014-3591 CVE-2015-0837
OK: 2015-03-19-gnupg.yaml
OK: errata-announce -V 2015-03-19-gnupg.yaml

Comment 5 Janek Walkenhorst

2015-03-25 16:39:56 CET

<http://errata.univention.de/ucs/4.0/137.html>