Bugzilla – Full Text Bug Listing

| Summary: | VUL-1: CVE-2015-1606: gpg2: Invalid memory read using a garbled keyring | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Johannes Segitz <jsegitz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | | |
| Priority: | P4 - Low | CC: | smash_bz, vcizek |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/113917/ | | |
| Whiteboard: | CVSSv2:RedHat:CVE-2015-1606:1.2:(AV:L/AC:H/Au:N/C:P/I:N/A:N) maint:released:sle10-sp3:62366 | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | TFPA-2015-01-gnupg-keyring-use-after-free | | |
Description
Johannes Segitz
2015-02-16 15:02:29 UTC
bugbot adjusting priority

This is an autogenerated message for OBS integration: This bug (918089) was mentioned in https://build.opensuse.org/request/show/345381 13.2+13.1 / gpg2

openSUSE-SU-2015:2153-1: An update that fixes two vulnerabilities is now available.
Category: security (low)
Bug References: 918089,918090
CVE References: CVE-2015-1606,CVE-2015-1607
Sources used:
openSUSE 13.2 (src): gpg2-2.0.26-2.3.1
openSUSE 13.1 (src): gpg2-2.0.22-12.1

Created attachment 658029
TFPA-2015-01-gnupg-keyring-use-after-free
REPRODUCER:
gpg --no-default-keyring --keyring ./TFPA-2015-01-gnupg-keyring-use-after-free --list-keys

An update workflow for this issue was started. This issue was rated as "low". Please submit fixed packages until "Dec. 30, 2015". When done, reassign the bug to "security-team@suse.de". /update/62365/.

An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62365

SUSE-SU-2015:2170-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 918089,918090
CVE References: CVE-2015-1606,CVE-2015-1607
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Server 11-SP4 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Server 11-SP3 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11-SP4 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11-SP3 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src): gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src): gpg2-2.0.9-25.33.41.2

SUSE-SU-2015:2171-1: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 918089,918090,952347,955753
CVE References: CVE-2015-1606,CVE-2015-1607
Sources used:
SUSE Linux Enterprise Server 12 (src): gpg2-2.0.24-3.1
SUSE Linux Enterprise Desktop 12 (src): gpg2-2.0.24-3.1

done

openSUSE-SU-2015:2241-1: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 918089,918090,952347,955753
CVE References: CVE-2015-1606,CVE-2015-1607
Sources used:
openSUSE Leap 42.1 (src): gpg2-2.0.24-5.1

SUSE-SU-2015:2171-2: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 918089,918090,952347,955753
CVE References: CVE-2015-1606,CVE-2015-1607
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src): gpg2-2.0.24-3.2
SUSE Linux Enterprise Desktop 12-SP1 (src): gpg2-2.0.24-3.2