UbuntuUpdates.org

Package "gnupg2"

Name: gnupg2

Description:

GNU privacy guard - a free PGP replacement (new v2.x)

Latest version: 2.0.17-2ubuntu2.12.04.6
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.gnupg.org/

Other versions of "gnupg2" in Precise

Repository Area Version
base main 2.0.17-2ubuntu2
security main 2.0.17-2ubuntu2.12.04.6


Changelog

Version: 2.0.17-2ubuntu2.12.04.6 2015-04-01 16:06:52 UTC

  gnupg2 (2.0.17-2ubuntu2.12.04.6) precise-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:20:03 -0400

1371766 Latest CVE-2014-5270 patch breaks ElGamal keys of 16k
CVE-2014-5270 side-channel attack on Elgamal encryption subkeys
CVE-2015-1606 use after free resulting from failure to skip invalid packets
CVE-2015-1607 memcpy with overlapping ranges, resulting from incorrect bitwise left shifts

Version: 2.0.17-2ubuntu2.12.04.4 2014-06-26 20:06:34 UTC

  gnupg2 (2.0.17-2ubuntu2.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 09:20:38 -0400

CVE-2014-4617 The do_uncompress function in g10/compress.c in GnuPG 1.x before ...

Version: 2.0.17-2ubuntu2.12.04.3 2013-10-09 18:07:19 UTC

  gnupg2 (2.0.17-2ubuntu2.12.04.3) precise-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden> Mon, 07 Oct 2013 15:51:48 -0400

CVE-2013-4351 GnuPG treats no-usage-permitted keys as all-usages-permitted
CVE-2013-4402 infinite recursion in the compressed packet parser

Version: 2.0.17-2ubuntu2.12.04.2 2013-01-09 22:07:04 UTC

  gnupg2 (2.0.17-2ubuntu2.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 15:36:17 -0500

CVE-2012-6085 gnupg key import memory corruption

Version: 2.0.17-2ubuntu2.12.04.1 2012-09-17 16:07:08 UTC

  gnupg2 (2.0.17-2ubuntu2.12.04.1) precise-security; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 13:12:12 -0400



