Bug 11306 - gnupg2 new security issue CVE-2013-4351
: gnupg2 new security issue CVE-2013-4351
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/568671/
: MGA2TOO has_procedure mga2-32-ok mga2...
: validated_update
:
: 11416
  Show dependency treegraph
 
Reported: 2013-09-27 20:16 CEST by David Walser
Modified: 2014-05-08 18:05 CEST (History)
3 users (show)

See Also:
Source RPM: gnupg2-2.0.19-3.mga3.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-09-27 20:16:32 CEST
OpenSuSE has issued an advisory today (September 27):
http://lists.opensuse.org/opensuse-updates/2013-09/msg00058.html

Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-09-30 08:30:45 CEST
fixed packages has been submitted for all.
Comment 2 David Walser 2013-10-01 00:04:03 CEST
Thanks Oden!

Advisory:
========================

Updated gnupg2 packages fix security vulnerability:

RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys
with a "key flags" packet that indicates the capabilities of the key. These
are represented as a set of binary flags, including things like "This key may
be used to encrypt communications." If a key or subkey has this "key flags"
subpacket attached with all bits cleared (off), GnuPG currently treats the key
as having all bits set (on). While keys with this sort of marker are very rare
in the wild, GnuPG's misinterpretation of this subpacket could lead to a
breach of confidentiality or a mistaken identity verification (CVE-2013-4351).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://lists.opensuse.org/opensuse-updates/2013-09/msg00058.html
========================

Updated packages in core/updates_testing:
========================
gnupg2-2.0.18-1.3.mga2
gnupg2-2.0.19-3.1.mga3

from SRPMS:
gnupg2-2.0.18-1.3.mga2.src.rpm
gnupg2-2.0.19-3.1.mga3.src.rpm
Comment 3 claire robinson 2013-10-08 14:09:18 CEST
Testing complete mga3 64 & mga2 32

Created a new key..
$ gpg --gen-key

Used username Mrs_B

Listed the keys to verify it's there
$ gpg --list-keys

Encrypt and decrypt a file
$ echo "test test test" > test.txt
$ ls
test.txt
$ gpg -e -r Mrs_B test.txt 
$ ls
test.txt  test.txt.gpg
$ rm test.txt
rm: remove regular file `test.txt'? y
$ gpg test.txt.gpg 

You need a passphrase to unlock the secret key for
user: "Mrs_B (blah blah) <mrsb@home.com>"
2048-bit RSA key, ID 2C9B32B6, created 2013-10-08 (main key ID C9F79FB9)

gpg: encrypted with 2048-bit RSA key, ID 2C9B32B6, created 2013-10-08
      "Mrs_B (blah blah) <mrsb@home.com>"
$ ls
test.txt  test.txt.gpg
$ cat test.txt
test test test

Deleted the key
$ gpg --delete-secret-keys Mrs_B
$ gpg --delete-key Mrs_B

Checked it had gone
$ gpg --list-keys | grep Mrs_B

Import Mageia release key
$ gpg --keyserver pgp.mit.edu --recv-keys EDCA7A90

Verify Mageia 3 iso with it
$ cd Mageia-3-dual-CD

$ gpg Mageia-3-dual-CD.iso.md5.gpg 
File `Mageia-3-dual-CD.iso.md5' exists. Overwrite? (y/N) y
gpg: Signature made Fri 07 Jun 2013 23:38:47 BST using RSA key ID EDCA7A90
gpg: Good signature from "Mageia Release <release@mageia.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B210 76A0 CBE4 D93D 66A9  D08D 835E 41F4 EDCA 7A90

$ md5sum -c Mageia-3-dual-CD.iso.md5
Mageia-3-dual-CD.iso: OK
Comment 4 claire robinson 2013-10-08 15:05:35 CEST
Repeated using gpg2 this time.. oops!

Just replace the gpg command with gpg2
Comment 5 claire robinson 2013-10-08 16:09:08 CEST
Testing complete (with gnupg2!) mga2 32
Comment 6 claire robinson 2013-10-08 16:09:42 CEST
mga3 32 in comment 5 even :\
Comment 7 claire robinson 2013-10-08 16:22:00 CEST
Testing complete mga2 64

Validating. Advisory 11306.adv uploaded.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!
Comment 8 Oden Eriksson 2013-10-09 17:32:02 CEST
This was fixed with gnupg-1.4.12-1.3.mga2, gnupg-1.4.14-1.1.mga3 and gnupg-1.4.15-1.mga4 (patch from debian)
Comment 9 David Walser 2013-10-09 17:33:20 CEST
(In reply to Oden Eriksson from comment #8)
> This was fixed with gnupg-1.4.12-1.3.mga2, gnupg-1.4.14-1.1.mga3 and
> gnupg-1.4.15-1.mga4 (patch from debian)

I believe this comment was meant for Bug 11416.
Comment 10 David Walser 2013-10-09 17:56:26 CEST
This has been rebuilt to fix another issue.

Advisory:
========================

Updated gnupg2 packages fix security vulnerability:

RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys
with a "key flags" packet that indicates the capabilities of the key. These
are represented as a set of binary flags, including things like "This key may
be used to encrypt communications." If a key or subkey has this "key flags"
subpacket attached with all bits cleared (off), GnuPG currently treats the key
as having all bits set (on). While keys with this sort of marker are very rare
in the wild, GnuPG's misinterpretation of this subpacket could lead to a
breach of confidentiality or a mistaken identity verification (CVE-2013-4351).

Special crafted input data may be used to cause a denial of service against
GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages
ad infinitum (CVE-2013-4402).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
http://lists.gnu.org/archive/html/info-gnu/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00058.html
========================

Updated packages in core/updates_testing:
========================
gnupg2-2.0.18-1.4.mga2
gnupg2-2.0.19-3.2.mga3

from SRPMS:
gnupg2-2.0.18-1.4.mga2.src.rpm
gnupg2-2.0.19-3.2.mga3.src.rpm
Comment 11 David Walser 2013-10-09 17:56:57 CEST
Fixing the advisory header.

Advisory:
========================

Updated gnupg2 package fixes security vulnerabilities:

RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys
with a "key flags" packet that indicates the capabilities of the key. These
are represented as a set of binary flags, including things like "This key may
be used to encrypt communications." If a key or subkey has this "key flags"
subpacket attached with all bits cleared (off), GnuPG currently treats the key
as having all bits set (on). While keys with this sort of marker are very rare
in the wild, GnuPG's misinterpretation of this subpacket could lead to a
breach of confidentiality or a mistaken identity verification (CVE-2013-4351).

Special crafted input data may be used to cause a denial of service against
GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages
ad infinitum (CVE-2013-4402).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
http://lists.gnu.org/archive/html/info-gnu/2013-10/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00058.html
========================

Updated packages in core/updates_testing:
========================
gnupg2-2.0.18-1.4.mga2
gnupg2-2.0.19-3.2.mga3

from SRPMS:
gnupg2-2.0.18-1.4.mga2.src.rpm
gnupg2-2.0.19-3.2.mga3.src.rpm
Comment 12 claire robinson 2013-10-09 20:21:44 CEST
Testing complete mga2 64 & mga3 64
Comment 13 claire robinson 2013-10-09 20:31:42 CEST
testing complete mga2 32
Comment 14 claire robinson 2013-10-09 20:45:03 CEST
testing complete mga3 32
Comment 15 claire robinson 2013-10-09 20:52:16 CEST
Advisory updated. Validating again.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!
Comment 16 Thomas Backlund 2013-10-10 00:52:53 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0298.html
Comment 17 Oden Eriksson 2013-10-10 07:50:47 CEST
======================================================
Name: CVE-2013-4351
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130612
Category: 
Reference: MLIST:[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted
Reference: URL:http://www.openwall.com/lists/oss-security/2013/09/13/4
Reference: CONFIRM:http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1010137
Reference: SUSE:openSUSE-SU-2013:1526
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html
Reference: SUSE:openSUSE-SU-2013:1532
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html
Reference: UBUNTU:USN-1987-1
Reference: URL:http://ubuntu.com/usn/usn-1987-1

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all
bits cleared (no usage permitted) as if it has all bits set (all usage
permitted), which might allow remote attackers to bypass intended
cryptographic protection mechanisms by leveraging the subkey.
Comment 18 Oden Eriksson 2013-10-10 11:04:08 CEST
(In reply to David Walser from comment #9)
> (In reply to Oden Eriksson from comment #8)
> > This was fixed with gnupg-1.4.12-1.3.mga2, gnupg-1.4.14-1.1.mga3 and
> > gnupg-1.4.15-1.mga4 (patch from debian)
> 
> I believe this comment was meant for Bug 11416.

No:

[oden@titan ~]$ rpm -qlp /mnt/BIG/mirror/mageia/mga2/SRPMS/core/updates/gnupg-1.4.12-1.3.mga2.src.rpm  | grep CVE
gnupg-1.4.12-CVE-2012-6085.diff
gnupg-1.4.12-CVE-2013-4242.diff
gnupg-1.4.12-CVE-2013-4351.diff
gnupg-1.4.12-CVE-2013-4402.diff

Note You need to log in before you can comment on or make changes to this bug.