Bug 891142 (CVE-2012-6085)
Summary: | CVE-2012-6085 GnuPG: read_block() corrupt key input validation
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Kurt Seifried <kseifried>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Version: | unspecified
CC: | bcl, ebenes, rdieter, slukasik, tmraz
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2015-08-21 23:48:24 UTC
Bug Depends On: | 895850, 1015736, 1015737, 1015738, 1015739, 1015740, 1015741, 1015968, 1016525
Bug Blocks: | 891147, 1015687
Description
Kurt Seifried
2013-01-02 01:30:44 UTC
Proposing as NTH, this is a security issue in a key package which is used during installation. But low impact, so not a blocker per the policy.
Of course gnupg2-2.0.19 (current latest upstream on 2.0 branch) is affected as well.
Please note for Fedora bug #889440 "gnupg-1.4.13 is available"
Created attachment 671621: GnuPG1-CVE-2012-6085.patch
Created attachment 671624: GnuPG2-CVE-2012-6085.patch
According to Werner Koch a 2.0.20 release of GnuPG is planned that will include the fix for this (498882296ffac7987c644aaf2a0aa108a2925471) but was delayed due to the holidays/etc.
https://bugzilla.redhat.com/show_bug.cgi?id=891401 used for F18 NTH purposes.
gnupg2-2.0.19-7.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
gnupg-1.4.13-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
gnupg2-2.0.19-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Created gnupg2 tracking bugs for this issue
Affects: epel-5 [bug 895850]
gnupg2-2.0.19-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
gnupg-1.4.13-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
gnupg-1.4.13-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Created gnupg2 tracking bugs for this issue:
Affects: fedora-all [bug 1015968]
Created gnupg tracking bugs for this issue:
Affects: fedora-all [bug 1016525]
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:1459 https://rhn.redhat.com/errata/RHSA-2013-1459.html
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:1458 https://rhn.redhat.com/errata/RHSA-2013-1458.html
Statement: (none)