Bug 884130 - (CVE-2014-4617) VUL-0: CVE-2014-4617: gpg, gpg2: GnuPG denial of service through infinite loop with garbled compressed data packets
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Reported: 2014-06-24 20:47 UTC by Andreas Stieger
Modified: 2014-07-30 18:49 UTC (History)

Attachments
backported patch (3.04 KB, patch)
2014-06-24 23:00 UTC, Andreas Stieger

Description Andreas Stieger 2014-06-24 20:47:05 UTC
GnuPG before 1.4.17 and 2.0.24 has a possible DoS vulnerability when using garbled compressed data packets, which can be used to put gpg into an infinite loop.

[Announce] [security fix] GnuPG 1.4.17 released
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html

[Announce] [security fix] GnuPG 2.0.24 released
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a

http://seclists.org/oss-sec/2014/q2/632

>> A packet like (a3 01 5b ff) leads to an infinite loop.

> Use CVE-2014-4617 for this issue affecting both GnuPG 1.x before 1.4.17 and 2.x before 2.0.24.

Reproducible: Didn't try
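
The four bytes quoted above read as an old-format OpenPGP packet header (0xa3: tag 8, compressed data, indeterminate length), algorithm octet 1 (ZIP, raw deflate) and two bytes of deflate data. As an added example (not taken from the report or from GnuPG's code), this Python sketch parses that header and inflates the body in a loop that ends when the input runs out; the function names and the 1 MiB output limit are assumptions.

```python
import zlib

# Constructed sample: the four bytes quoted in the report above.
SAMPLE = bytes.fromhex("a3015bff")


def parse_old_header(data):
    """Decode an old-format OpenPGP packet header (RFC 4880, section 4.2)."""
    ctb = data[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if length_type == 3:                  # indeterminate: body runs to end of input
        return tag, 1, len(data)
    n = 1 << length_type                  # 1, 2 or 4 length octets
    end = 1 + n + int.from_bytes(data[1:1 + n], "big")
    return tag, 1 + n, min(end, len(data))


def inspect_compressed(data, max_out=1 << 20):
    """Classify a compressed data packet without looping on bad input.

    Returns (status, bytes_out); status is ok, truncated, corrupt or too-large.
    """
    tag, start, end = parse_old_header(data)
    if tag != 8:
        raise ValueError("not a compressed data packet (tag 8)")
    if start >= end or data[start] != 1:
        raise ValueError("only algorithm 1 (ZIP, raw deflate) is handled here")
    pending = data[start + 1:end]
    inflater = zlib.decompressobj(-15)    # negative wbits selects raw deflate
    produced = 0
    try:
        while pending and not inflater.eof:
            # max_length bounds each call so the output cannot grow unchecked.
            produced += len(inflater.decompress(pending, max_out - produced + 1))
            if produced > max_out:
                return "too-large", produced
            pending = inflater.unconsumed_tail
    except zlib.error:
        return "corrupt", produced
    # Input is used up. Without the deflate end-of-stream marker the data is
    # truncated or garbled; report that instead of waiting for more output.
    return ("ok" if inflater.eof else "truncated"), produced


if __name__ == "__main__":
    print(parse_old_header(SAMPLE), inspect_compressed(SAMPLE))
```

The sample classifies as truncated: zlib accepts the two data bytes but never reaches an end-of-stream marker, so any loop that waits only for stream end needs a separate end-of-input check to terminate.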
Comment 1 Andreas Stieger 2014-06-24 22:58:35 UTC
SR to Base:System / gpg2:
https://build.opensuse.org/request/show/238555
Comment 2 Andreas Stieger 2014-06-24 23:00:37 UTC
Created attachment 595827 [details]
backported patch

Differs from upstream patch in context only, plus white space content in hunk #4
Comment 3 Andreas Stieger 2014-06-24 23:08:15 UTC
Maintenance request for gpg2 on openSUSE 12.3 and 13.1, please review:
https://build.opensuse.org/request/show/238557

This regression was introduced in 1999, so all versions of SLE are affected.
Comment 4 Marcus Meissner 2014-06-25 07:10:28 UTC
so also gpg and gpg2
Comment 5 Swamp Workflow Management 2014-06-25 12:43:42 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-07-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58019
Comment 6 SMASH SMASH 2014-06-25 12:45:17 UTC
Affected packages:

SLE-10-SP3-TERADATA: gpg, gpg2
SLE-11-SP3: gpg2
SLE-9-SP3-TERADATA: gpg
Comment 8 Vítězslav Čížek 2014-06-25 15:39:45 UTC
Thanks for the openSUSE update and the patch, Andreas.
Comment 11 Swamp Workflow Management 2014-07-03 14:04:22 UTC
openSUSE-SU-2014:0866-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 884130
CVE References: CVE-2014-4617
Sources used:
openSUSE 13.1 (src):    gpg2-2.0.22-8.1
openSUSE 12.3 (src):    gpg2-2.0.19-5.16.1
Comment 12 Swamp Workflow Management 2014-07-14 16:04:22 UTC
Update released for: gpg2, gpg2-debuginfo
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 13 Swamp Workflow Management 2014-07-14 16:04:42 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 14 Swamp Workflow Management 2014-07-14 16:05:03 UTC
Update released for: gpg
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 15 Swamp Workflow Management 2014-07-14 16:05:25 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 16 Swamp Workflow Management 2014-07-14 21:48:41 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 17 Swamp Workflow Management 2014-07-15 01:04:43 UTC
SUSE-SU-2014:0896-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 884130
CVE References: CVE-2014-4617
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    gpg2-2.0.9-25.33.39.1
SUSE Linux Enterprise Server 11 SP3 (src):    gpg2-2.0.9-25.33.39.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    gpg2-2.0.9-25.33.39.1
Comment 19 Swamp Workflow Management 2014-07-30 18:49:08 UTC
openSUSE-SU-2014:0952-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 884130
CVE References: CVE-2014-4617
Sources used:
openSUSE 11.4 (src):    gpg2-2.0.19-22.1