==========================================================================
Ubuntu Security Notice USN-2307-1
August 06, 2014
gpgme1.0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
GPGME could be made to crash or run programs as your login if it processed
a specially crafted certificate.
Software Description:
– gpgme1.0: GPGME – GnuPG Made Easy (library)
Details:
Tomáš Trnka discovered that GPGME incorrectly handled certain certificate
line lengths. An attacker could use this issue to cause applications using
GPGME to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libgpgme11 1.4.3-0.1ubuntu5.1
Ubuntu 12.04 LTS:
libgpgme11 1.2.0-1.4ubuntu2.1
Ubuntu 10.04 LTS:
libgpgme11 1.2.0-1.2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2307-1
CVE-2014-3564
Package Information:
https://launchpad.net/ubuntu/+source/gpgme1.0/1.4.3-0.1ubuntu5.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.4ubuntu2.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.2ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJT4i7tAAoJEGVp2FWnRL6T8zoP+wRiHxeasx3NSC92Z4/9Zemh
ddejOAGIN0eAWaiX4+BUAt0JZiB9u/RU0frG0cj2ssbBHIJP6HPBoGtIUXTBd8I9
MQwNzsDQbi+E/tDc82V7xasOHqJSppbUAr8gm8JAr5z5wkMxGPB9pw4HIVASGX0r
7wP/cM2qS6mW/+EqB1zOCC0s+GQU/jKHnO6Wtqt/I/DP9r3rPl7wmS/W1QnWBkM2
oI1rC1unpOVjcM6CWMlNY/tlLyGRncX0DXsFBm7fh2pIY5sEvdz9GUMsyl6urdpQ
fhpe5DfgwUKdFrttc8yOBKxCjN3d6X7X4GlAhj7g9SgwmE6okzjbCKjLqf3DpJQb
h+XNkz9eqF93HMvnAf6pw1tKKqxsQDn95yVl5EyQoAMD4voQGuy9UF3MxfNQTA1M
g5jj6Yb6a+elJjVu8NVPn7bDGpLSBskBZbN4MnnVc2mS8mPrFAKvYbpjOT+NHqfA
xsgD3SteEfOf6PC/IxvAbAKOed15EQrQLgOAV6PN7ZwZVFPxeRn5uU9l91gY8u2O
nisU7piLW/boMP1PVPawmdlYXwZJOQ4/n4K9BSLkpW7qVAK9lU9PcQFi570jqs5t
s1I9nZIiXT1VRvG0AzdU5ilFpu4MxMR7J7XXjN3Mc5VKC1UtnWyTaALitfFuOfBg
Co6lCMG7I9vSJSX5vGjL
=088u
—–END PGP SIGNATURE—–
—