We all know about the benefits of digitally signing email messages using OpenPGP-based software like GnuPG (or its older commercial counterpart, PGP). Imagine the same benefits applied to the world of the World Wide Web.
When printing a text stream with a GPG signature, it was possible for an attacker to create a stream of the form "unsigned text, signed text" in which both the unsigned and the signed text would be shown with no indication of which part was signed and which was not. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option. Fixed packages are available from security.debian.org. Links: security.debian.org
GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Two security problems were fixed in the GNU Privacy Guard (GPG). Specially crafted files could overflow a buffer when gpg was used in interactive mode. Specially crafted files could modify a function pointer and could potentially execute code this way. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Several remote vulnerabilities have been discovered in the GNU privacy guard, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitising function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines. Fixed packages are available from security.debian.org. Links: security.debian.org
GnuPG is a utility for encrypting data and creating digital signatures. Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts messages. An attacker could create a carefully crafted message that could cause GnuPG to execute arbitrary code if a victim attempts to decrypt the message. A heap-based buffer overflow flaw was found in the way GnuPG constructs messages to be written to the terminal during an interactive session. An attacker could create a carefully crafted message which, with user interaction, could cause GnuPG to execute arbitrary code with the permissions of the user running GnuPG. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evgeny Legerov discovered that overly large comments can crash gnupg, the GNU privacy guard - a free PGP replacement. Fixed packages are available from security.debian.org. Links: security.debian.org
GnuPG is a utility for encrypting data and creating digital signatures. An integer overflow flaw was found in GnuPG. An attacker could create a carefully crafted message packet with a large length that could cause GnuPG to crash or possibly overwrite memory when opened. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement, contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via large user ID strings. Fixed packages are available from security.debian.org. Links: security.debian.org
GnuPG is a utility for encrypting data and creating digital signatures. Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically signed data with detached signatures. It is possible for an attacker to construct a cryptographically signed message which could appear to come from a third party. When a victim processes a GnuPG message with a malformed detached signature, GnuPG ignores the malformed signature, processes and outputs the signed data, and exits with status 0, just as it would if the signature had been valid. In this case, GnuPG's exit status would not indicate that no signature verification had taken place. This issue would primarily be of concern when processing GnuPG results via an automated script. Tavis Ormandy also discovered a bug in the way GnuPG verifies cryptographically signed data with inline signatures. It is possible for an attacker to inject unsigned data into a signed message in such a way that when a victim processes the message to recover the data, the unsigned data is output along with the signed data, gaining the appearance of having been signed. This issue is mitigated in the GnuPG shipped with Red Hat Enterprise Linux as the --ignore-crc-error option must be passed to the gpg executable for this attack to be successful. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked into emitting a "good signature" status message when a valid signature is included which does not belong to the data packet. Fixed packages are available from security.debian.org. Links: security.debian.org
The GNU Privacy Guard (GPG) allows crafting a message which could check out as correct using "--verify", but would extract different, potentially malicious content when using "-o --batch". The reason for this is that a .gpg or .asc file can contain multiple plain text and signature streams, and correct handling of these streams was only possible by following the gpg state. The gpg "--verify" option has been changed to be much stricter than before and to fail on files with multiple signatures/blocks, to mitigate the problem of doing the common --verify check followed by -o extraction. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
With certain handcraftable signatures, GPG was returning 0 (valid signature) when used on the command line with the --verify option. This could make automated checkers, such as the patch file verification checker of the YaST Online Update, pass malicious patch files as correct. Also, the YaST Online Update script signature verification had used a feature which was lost in gpg 1.4.x, making it possible to supply any kind of script which would be thought correct. This would also allow code execution. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all. Fixed packages are available from security.debian.org. Links: security.debian.org
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. The update provided in DSA 459-1 disables the use of this type of key, using an interim fix. This update, DSA 459-2, implements a more correct and permanent fix provided by David Shaw. Fixed packages are available from security.debian.org. Links: security.debian.org
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Fixed packages are available from security.debian.org. Links: security.debian.org