Ubuntu Security Notice 970-1 - It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
d7bcec645912901061545ca9bcf57c0e030208a29b948c2923a6ce3ec1c00633
===========================================================
Ubuntu Security Notice USN-970-1 August 11, 2010
gnupg2 vulnerability
CVE-2010-2547
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
gpgsm 2.0.7-1ubuntu0.1
Ubuntu 9.04:
gpgsm 2.0.9-3.1ubuntu0.1
Ubuntu 9.10:
gpgsm 2.0.12-0ubuntu2.1
Ubuntu 10.04 LTS:
gpgsm 2.0.14-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that GPGSM in GnuPG2 did not correctly handle
certificates with a large number of Subject Alternate Names. If a user or
automated system were tricked into processing a specially crafted
certificate, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1.diff.gz
Size/MD5: 38357 9f9b19967950818429e79181c0a8e009
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1.dsc
Size/MD5: 1049 959706cf178e4f2284f9514ad2195813
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.7.orig.tar.gz
Size/MD5: 5035162 edac843901373c9a3bb33c5c134a60c9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.7-1ubuntu0.1_amd64.deb
Size/MD5: 285546 481108f98f893d984b2bbbee47ea6e42
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_2.0.7-1ubuntu0.1_amd64.deb
Size/MD5: 441412 acc2db528cf2719e6566accae9d289bf
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1_amd64.deb
Size/MD5: 1140788 48b83a17ef51b15c9a002101d935e6a9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.7-1ubuntu0.1_i386.deb
Size/MD5: 258500 c22829f163ac0f7aac143e050ea85169
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gpgsm_2.0.7-1ubuntu0.1_i386.deb
Size/MD5: 404416 537aaf300aefd33bf210fc031391d1b6
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1_i386.deb
Size/MD5: 1076900 48e8b3be56b1f4bb4adc757d90c57ee5
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.7-1ubuntu0.1_lpia.deb
Size/MD5: 258120 44b69a516104e6ec001e7d3f4a7ba6f7
http://ports.ubuntu.com/pool/main/g/gnupg2/gpgsm_2.0.7-1ubuntu0.1_lpia.deb
Size/MD5: 404568 b39494268d8404271e34e4666892e2d3
http://ports.ubuntu.com/pool/universe/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1_lpia.deb
Size/MD5: 1079478 2a78aa1f9261e69477449f660ae0d747
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.7-1ubuntu0.1_powerpc.deb
Size/MD5: 292912 d727881145b5086fd96cf548c2123cbf
http://ports.ubuntu.com/pool/main/g/gnupg2/gpgsm_2.0.7-1ubuntu0.1_powerpc.deb
Size/MD5: 444646 cea2f618e615e9ff26fb69d3bd1f24fd
http://ports.ubuntu.com/pool/universe/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1_powerpc.deb
Size/MD5: 1156208 7dfa97127ae3281819dc270729cc6aa9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.7-1ubuntu0.1_sparc.deb
Size/MD5: 256654 b09ba94083d721ad93f173ecd9d3126b
http://ports.ubuntu.com/pool/main/g/gnupg2/gpgsm_2.0.7-1ubuntu0.1_sparc.deb
Size/MD5: 398312 797ac0ee6888972787680368102c6aa8
http://ports.ubuntu.com/pool/universe/g/gnupg2/gnupg2_2.0.7-1ubuntu0.1_sparc.deb
Size/MD5: 1073772 f7f2db367693c941ae7017a538b4d736
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1.diff.gz
Size/MD5: 40713 f7056736ec90ad76e433ee893b4dbd97
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1.dsc
Size/MD5: 1483 37594fcfbe809d40002ee10cbea09c3e
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.9.orig.tar.gz
Size/MD5: 5198703 3b6b1742509f396d51528e0cd4c76a13
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.9-3.1ubuntu0.1_amd64.deb
Size/MD5: 318512 4ff8b15741e71ca1e3c638363b84aeae
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1_amd64.deb
Size/MD5: 1234036 9e4b30bb8d89098395eed5e9b513bbc4
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.9-3.1ubuntu0.1_amd64.deb
Size/MD5: 465838 5435b39d54406c4343580fb2f809fc5d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.9-3.1ubuntu0.1_i386.deb
Size/MD5: 289274 c428747d01cd120b40a3dedd44c31f16
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1_i386.deb
Size/MD5: 1169762 ac02e769b48cd2893ece7eac3255d690
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.9-3.1ubuntu0.1_i386.deb
Size/MD5: 428896 c64a8863384d1dc158235715f406e6a5
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.9-3.1ubuntu0.1_lpia.deb
Size/MD5: 287360 2d3766c5c6e202814dba2d8112b81356
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1_lpia.deb
Size/MD5: 1168018 01c76668fc8f19adc3aa781f9f4b1b17
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.9-3.1ubuntu0.1_lpia.deb
Size/MD5: 425984 c0cf75eb2f9d329df75d657d31c6f3fc
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.9-3.1ubuntu0.1_powerpc.deb
Size/MD5: 319038 3a8849451868d3f8130fe672be42795b
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1_powerpc.deb
Size/MD5: 1233954 3bbd99735490dec55b767fa1cb726319
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.9-3.1ubuntu0.1_powerpc.deb
Size/MD5: 460092 80a46ecf08a5f01f9f5cb151c67c5733
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.9-3.1ubuntu0.1_sparc.deb
Size/MD5: 284242 c2ee3e14263c458bceef40caffecf807
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.9-3.1ubuntu0.1_sparc.deb
Size/MD5: 1156416 fced6a8224a39c0d55394e91774009fa
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.9-3.1ubuntu0.1_sparc.deb
Size/MD5: 417652 5c122b6e9d4299715ac29d3d7d483ddf
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1.diff.gz
Size/MD5: 45252 1256d26ad9afa14e3288fd1e8e8cbc05
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1.dsc
Size/MD5: 1483 98ba32796b4984691f2104888a2cd2e8
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.12.orig.tar.gz
Size/MD5: 5391317 411b693bff73ed5461d1b07db2508349
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.12-0ubuntu2.1_amd64.deb
Size/MD5: 334704 037f7ca90b434879f8fbefbbdf36378a
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1_amd64.deb
Size/MD5: 1246990 072e0ea6bb59fa3bbce4aff7b228a439
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.12-0ubuntu2.1_amd64.deb
Size/MD5: 524584 e62719dafbd7c2c5f99dbff4337a2d95
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.12-0ubuntu2.1_i386.deb
Size/MD5: 303270 c0e4aa5fcc89e00797b8c60d9b035290
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1_i386.deb
Size/MD5: 1173948 fa77a48b18a4db35d6f28b576374d241
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.12-0ubuntu2.1_i386.deb
Size/MD5: 480382 9bb7f9b289720ed9938b07a9f7376825
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.12-0ubuntu2.1_lpia.deb
Size/MD5: 301810 ae46a0b80b14b8ab626019e6f097c588
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1_lpia.deb
Size/MD5: 1177912 d26646f1fff53447dda0e5b29464ff77
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.12-0ubuntu2.1_lpia.deb
Size/MD5: 478874 0771937dc12c25738c5395357f75f0d3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.12-0ubuntu2.1_powerpc.deb
Size/MD5: 326554 02d61154b7f1a5d7c38a00b79356f3fd
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1_powerpc.deb
Size/MD5: 1231128 e08169b0356a24c0d445275044ae8cb4
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.12-0ubuntu2.1_powerpc.deb
Size/MD5: 509388 14bc48733e68c3d81b2c023740c1e749
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.12-0ubuntu2.1_sparc.deb
Size/MD5: 297952 8f11786784ff3a97571179469308f809
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.12-0ubuntu2.1_sparc.deb
Size/MD5: 1171980 7345b4b22127438996a37bca1c54a742
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.12-0ubuntu2.1_sparc.deb
Size/MD5: 466618 167455d92f7460df840e538792349f33
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2.debian.tar.bz2
Size/MD5: 40744 9c03e96c6ecce9d40cea797553f87c5c
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2.dsc
Size/MD5: 1515 cccd0c5394961ac8bcaa423ee356e473
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.14.orig.tar.bz2
Size/MD5: 3982080 54732a0a76d59646b7e0b682fb357c22
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.14-1ubuntu1.2_amd64.deb
Size/MD5: 328348 82f297f0a7bd001a778800919389431c
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2_amd64.deb
Size/MD5: 1305582 eae9b9b47dc4560130407ac58eeb6d65
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.14-1ubuntu1.2_amd64.deb
Size/MD5: 522872 94f2aed0e1e80cae50c3e28f46f0c9b8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg-agent_2.0.14-1ubuntu1.2_i386.deb
Size/MD5: 295938 c75aea5948dd4798dc75153c3d6ed24b
http://security.ubuntu.com/ubuntu/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2_i386.deb
Size/MD5: 1228066 24a6a91b9ac8360c7ee5f6d3487248d5
http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg2/gpgsm_2.0.14-1ubuntu1.2_i386.deb
Size/MD5: 478024 4713ca65fa253846edb89e3650ba65cb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.14-1ubuntu1.2_powerpc.deb
Size/MD5: 320314 bb07ee6c242de814bba3694594649e44
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2_powerpc.deb
Size/MD5: 1288430 7acd42de75cf7cf217034045df7f7100
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.14-1ubuntu1.2_powerpc.deb
Size/MD5: 509500 03536d3309f849b078fc9825139f2998
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg-agent_2.0.14-1ubuntu1.2_sparc.deb
Size/MD5: 300336 d166d23c8fd65533290d65ee8759a072
http://ports.ubuntu.com/pool/main/g/gnupg2/gnupg2_2.0.14-1ubuntu1.2_sparc.deb
Size/MD5: 1247550 c586ab10d264eceb9539ca95737d7f44
http://ports.ubuntu.com/pool/universe/g/gnupg2/gpgsm_2.0.14-1ubuntu1.2_sparc.deb
Size/MD5: 479072 5035985afcd16f0a08fa896fe5b14cc7