Bug 798465 - (CVE-2012-6085) VUL-1: CVE-2012-6085: gnupg: potential database corruption
Status: RESOLVED FIXED
Duplicates: 876581, 880249
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low; Severity: Minor
Assigned To: Security Team bot
Reported: 2013-01-15 08:50 UTC by Matthias Weckbecker
Modified: 2018-10-19 18:21 UTC (History)
Description Matthias Weckbecker 2013-01-15 08:50:43 UTC
A report at Red Hat [1] from 2013-01-01 describes an issue with GnuPG that can
cause the public key db to end up being corrupted / cause a memory corruption.

Original issue reported upstream [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=891142
(example + patches included)
[2] https://bugs.g10code.com/gnupg/issue1455
Comment 1 Swamp Workflow Management 2013-05-08 00:46:40 UTC
The SWAMPID for this issue is 52394.
This issue was rated as low.
Please submit fixed packages until 2013-06-05.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/52394
Comment 2 Leonardo Chiquitto 2013-05-09 18:17:55 UTC
Update started. Please submit to 11-SP2 and 10-SP4.
Comment 6 Vítězslav Čížek 2013-05-14 14:23:04 UTC
Do we need updates for any other distribution?
Or is my work here done and I can reassign this bug back to security-team?
Comment 7 Matthias Weckbecker 2013-05-15 08:40:10 UTC
Security always wants to fix all affected products. Thank you.
Comment 8 Vítězslav Čížek 2013-05-15 15:39:16 UTC
openSUSE packages submitted.
Comment 10 Bernhard Wiedemann 2013-05-15 16:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (798465) was mentioned in
https://build.opensuse.org/request/show/175760 Maintenance /
Comment 11 Bernhard Wiedemann 2013-05-27 07:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (798465) was mentioned in
https://build.opensuse.org/request/show/176623 Maintenance /
Comment 12 Swamp Workflow Management 2013-05-31 16:04:29 UTC
openSUSE-SU-2013:0849-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 780943,798465
CVE References: CVE-2012-6085
Sources used:
openSUSE 12.2 (src):    gpg2-2.0.19-2.4.1
openSUSE 12.1 (src):    gpg2-2.0.18-7.4.1
Comment 13 Bernhard Wiedemann 2013-06-02 21:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (798465) was mentioned in
https://build.opensuse.org/request/show/177209 Evergreen:11.2 / gpg2
Comment 14 Swamp Workflow Management 2013-06-10 09:09:08 UTC
openSUSE-SU-2013:0880-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 780943,798465
CVE References: CVE-2012-6085
Sources used:
openSUSE 12.3 (src):    gpg2-2.0.19-5.4.1
Comment 15 Swamp Workflow Management 2013-06-10 10:20:03 UTC
openSUSE-SU-2013:0957-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 780943,798465
CVE References: CVE-2012-6085
Sources used:
openSUSE 11.4 (src):    gpg2-2.0.16-10.1
Comment 16 Swamp Workflow Management 2013-06-20 09:50:12 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 17 Swamp Workflow Management 2013-06-20 10:04:27 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 18 Swamp Workflow Management 2013-06-20 10:05:20 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 19 Swamp Workflow Management 2013-06-20 11:04:37 UTC
Update released for: gpg2, gpg2-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2013-06-20 11:47:50 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 21 Swamp Workflow Management 2013-06-20 11:52:04 UTC
Update released for: gpg2, gpg2-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 23 Sebastian Krahmer 2013-07-03 11:22:53 UTC
released
Comment 24 Swamp Workflow Management 2013-07-03 14:00:12 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 25 Swamp Workflow Management 2013-10-25 15:46:44 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 26 Swamp Workflow Management 2013-10-25 15:47:58 UTC
Update released for: gpg, gpg-debuginfo
Products:
SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Comment 27 Swamp Workflow Management 2014-04-11 15:30:02 UTC
The SWAMPID for this issue is 57003.
This issue was rated as moderate.
Please submit fixed packages until 2014-04-25.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 28 Swamp Workflow Management 2014-06-03 19:47:08 UTC
Update released for: gpg2, gpg2-debuginfo, gpg2-debugsource, gpg2-lang
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 29 Swamp Workflow Management 2014-06-03 23:04:57 UTC
SUSE-SU-2014:0750-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 778723,780943,798465,808958,840510,844175
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    gpg2-2.0.9-25.33.37.6
Comment 30 Marcus Meissner 2014-06-10 13:42:23 UTC
*** Bug 880249 has been marked as a duplicate of this bug. ***
Comment 31 Leonardo Chiquitto 2014-06-11 12:42:44 UTC
*** Bug 876581 has been marked as a duplicate of this bug. ***