SUSE update for gpg / liby2util - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > SUSE update for gpg / liby2util

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

SUSE update for gpg / liby2util
Secunia Advisory:	SA18968	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-02-21
Last Update:	2006-02-28
Popularity:	6,851 views

Critical:	Less critical
Impact:	Security Bypass
Where:	From remote
Solution Status:	Vendor Patch

OS:	SUSE Linux 10 SUSE Linux 9.3

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2006-0455 CVE-2006-0803

Description: SUSE has issued an update for gpg / liby2util. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA18845 This e.g. affects the patch verification checker of YaST Online Update, which may cause it to pass malicious patch files as correct. Also, the YaST Online Update script signature verification uses a feature not included in gpg 1.4.x, resulting in it accepting arbitrary scripts as correct. Successful exploitation requires the ability to either manipulate a YaST Online Update mirror or the network traffic. Solution: Apply updated packages. -- x86 Platform -- SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.2.i586.rpm f1422c0264ff3e270a56d03d4b47e762 ftp://ftp.suse.com/pub/suse/i386/upda...pm/i586/liby2util-2.12.9-0.3.i586.rpm 9a6f3ee339303f3efd92121dedf441aa ftp://ftp.suse.com/pub/suse/i386/upda...6/liby2util-devel-2.12.9-0.3.i586.rpm b504c0cf0f84039018ae1ac90d2e5292 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.2.i586.rpm fffa34f3034effa188cbeb942473e200 ftp://ftp.suse.com/pub/suse/i386/upda...pm/i586/liby2util-2.11.7-0.3.i586.rpm a321ab146d07c50cc69a91352ac28bf7 ftp://ftp.suse.com/pub/suse/i386/upda...6/liby2util-devel-2.11.7-0.3.i586.rpm 1215bcf8f061079dbe05b93b1d611818 -- Power PC Platform -- SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/upda.../rpm/ppc/liby2util-2.12.9-0.3.ppc.rpm 287ef59b3aec2b9aaaba0e17a9cbba27 ftp://ftp.suse.com/pub/suse/i386/upda...pc/liby2util-devel-2.12.9-0.3.ppc.rpm f0bd4524c50c5e0a5613f70393ba4489 -- x86-64 Platform -- SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/upda...86_64/liby2util-2.12.9-0.3.x86_64.rpm edcad55c6587b9322b5895f2e1ff3760 ftp://ftp.suse.com/pub/suse/i386/upda...liby2util-devel-2.12.9-0.3.x86_64.rpm c6b4a827e8ab4dc6d14608ceeb3e3385 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/upda...86_64/liby2util-2.11.7-0.3.x86_64.rpm 7cd1425a429b4637b34aa675d4eeaa85 ftp://ftp.suse.com/pub/suse/i386/upda...liby2util-devel-2.11.7-0.3.x86_64.rpm 8d27157261b70a5bb51ab643d8dd1fe8 -- Sources -- SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm 5098f06cba2e38aa0b5181fb3f9cd7f3 ftp://ftp.suse.com/pub/suse/i386/upda.../rpm/src/liby2util-2.12.9-0.3.src.rpm 3107fb78311f00f01c484c1fa1ab26df SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/gpg-1.4.0-4.2.src.rpm 026b7d74d345815de958152305ffde09 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/liby2util-2.11.7-0.3.src.rpm 2663aecb5e77147aca6881bd92e570bb Changelog: 2006-02-28: Added information about YaST Online Update security issue. Original Advisory: http://www.novell.com/linux/security/advisories/2006_09_gpg.html Other References: SA18845: http://secunia.com/advisories/18845/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

7th Jan, 2009

New advisories:	31
New vulnerabilities:	90
Updated advisories:	37

Less // 410 views

Joomla! "X_CMS_LIBRARY_PATH" Directory Traversal Vulnerability

Moderately // 235 views

Red Hat update for xterm

Not // 221 views

Red Hat update for dbus

Moderately // 310 views

Red Hat update for openssl

Moderately // 466 views

OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability

Less // 236 views

vBulletin Personal Sticky Threads Add-on Security Bypass Vulnerability

Moderately // 208 views

BlogHelper "common_db.inc" Information Disclosure Security Issue

Moderately // 203 views

PollHelper "poll.inc" Information Disclosure Security Issue

Highly // 276 views

ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow

Highly // 250 views

TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.