Issued:
2014-06-30
Updated:
2014-10-13

RHBA-2014:0806 - Bug Fix Advisory

Synopsis

gnupg2 bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gnupg2 packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

This update fixes the following bugs:

  • Previously, the secret key management daemon for GnuPG, gpg-agent, failed to

encode a new iteration count value when it created a new protected key or
changed an existing key. As a consequence, the key could not be unprotected and
gpg-agent thus did not properly interact with a number of programs that use key
decryption, such as KMail or Kleopatra. With this update, the new iteration
count is encoded properly and the decryption of keys created or modified by
gpg-agent no longer fails. (BZ#638635)

  • Prior to this update, the GnuPG encryption and signing tool, gpg2, by default

used CAST5, an encryption algorithm not approved by FIPS standards.
Consequently, when gpg2 was run in FIPS mode, data encryption and decryption
failed and caused gpg2 to terminate unexpectedly. With this update, GnuPG uses
AES, a FIPS-approved encryption algorithm, and gpg2 data encryption and
decryption in FIPS mode work as intended. (BZ#966493)

  • Previously, the GnuPG signature checking tool, gpgv2, did not correctly

interact with the Libgcrypt library. As a consequence, when the gpgv command was
used on a file, gpgv2 terminated unexpectedly. This update fixes the error and
the gpgv command now functions correctly. (BZ#1006879)

  • Prior to this update, GnuPG did not check for availability of the RIPEMD-160

hash function digest. Because the RIPEMD-160 algorithm is not approved by FIPS
standards, GnuPG therefore terminated unexpectedly when the "gpg --verify"
command was used in FIPS mode to verify a signature that contained a RIPEMD-160
hash. With this update, GnuPG properly checks for RIPEMD-160 support and the
crash no longer occurs. (BZ#1078957)

Users of gnupg2 are advised to upgrade to these updated packages, which fix
these bugs.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 638635 - gpg-agent fails to encode "iteration count" into private keys, thus never unprotects secret key
  • BZ - 966493 - symmetric encryption/decryption doesn't work in FIPS mode
  • BZ - 1078957 - gpg --verify coredumps when verifying a signature with RIPEMD160 digest in FIPS mode

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95
i386
gnupg2-2.0.14-8.el6.i686.rpm SHA-256: f242dcb015d53fe3db192d33111d268b5f6fc9f56a3506b712007bfe8e6291ac
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-smime-2.0.14-8.el6.i686.rpm SHA-256: 9b3276827ac7b5faef6e0b4fa6303cbda8287de26cb913a8a69a0637194be4ba

Red Hat Enterprise Linux Workstation 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95
i386
gnupg2-2.0.14-8.el6.i686.rpm SHA-256: f242dcb015d53fe3db192d33111d268b5f6fc9f56a3506b712007bfe8e6291ac
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-smime-2.0.14-8.el6.i686.rpm SHA-256: 9b3276827ac7b5faef6e0b4fa6303cbda8287de26cb913a8a69a0637194be4ba

Red Hat Enterprise Linux Desktop 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
i386
gnupg2-2.0.14-8.el6.i686.rpm SHA-256: f242dcb015d53fe3db192d33111d268b5f6fc9f56a3506b712007bfe8e6291ac
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-smime-2.0.14-8.el6.i686.rpm SHA-256: 9b3276827ac7b5faef6e0b4fa6303cbda8287de26cb913a8a69a0637194be4ba
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
s390x
gnupg2-2.0.14-8.el6.s390x.rpm SHA-256: fef8a6f7fecae68249f021a6826d7366331aee402712f8600b8f02cca98682f9
gnupg2-debuginfo-2.0.14-8.el6.s390x.rpm SHA-256: 8b597c08d55480966a1c83883fc55055f21226f3998c34cf24ac973427d6d627
gnupg2-debuginfo-2.0.14-8.el6.s390x.rpm SHA-256: 8b597c08d55480966a1c83883fc55055f21226f3998c34cf24ac973427d6d627
gnupg2-smime-2.0.14-8.el6.s390x.rpm SHA-256: 1e4f1c2cd2c8a997e6bc81929d2a1a2200fdd72e18619141aa0e0b6a898f28b5

Red Hat Enterprise Linux for Power, big endian 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
ppc64
gnupg2-2.0.14-8.el6.ppc64.rpm SHA-256: d74e61f1e126a6c51eae751ef568c366f4b8e6671b68569cffef3a86f214151e
gnupg2-debuginfo-2.0.14-8.el6.ppc64.rpm SHA-256: a82a45ade8eb8ff8447c70f6f337e43cb65424a6f81a6d910a15556c05adeeb8
gnupg2-debuginfo-2.0.14-8.el6.ppc64.rpm SHA-256: a82a45ade8eb8ff8447c70f6f337e43cb65424a6f81a6d910a15556c05adeeb8
gnupg2-smime-2.0.14-8.el6.ppc64.rpm SHA-256: 14b606f1696c45c11a8db9b0d1c4eb0a09112a1ffe5423239d18645333ce1623

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95

Red Hat Enterprise Linux Server from RHUI 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95
i386
gnupg2-2.0.14-8.el6.i686.rpm SHA-256: f242dcb015d53fe3db192d33111d268b5f6fc9f56a3506b712007bfe8e6291ac
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-smime-2.0.14-8.el6.i686.rpm SHA-256: 9b3276827ac7b5faef6e0b4fa6303cbda8287de26cb913a8a69a0637194be4ba

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
x86_64
gnupg2-2.0.14-8.el6.x86_64.rpm SHA-256: 354262f1fed8e1a8f7204d18e29ca3d84511ebe88a14039ad39b33b363dd0215
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-debuginfo-2.0.14-8.el6.x86_64.rpm SHA-256: 5e4d070a21591225796dd4e15007cae05c73fc564ce973f2c9eef886d025e2a5
gnupg2-smime-2.0.14-8.el6.x86_64.rpm SHA-256: c512c6436ec7bdda27da75abca1e038ad6092c3bd47b88e9bbd1e0cf81507d95
i386
gnupg2-2.0.14-8.el6.i686.rpm SHA-256: f242dcb015d53fe3db192d33111d268b5f6fc9f56a3506b712007bfe8e6291ac
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-debuginfo-2.0.14-8.el6.i686.rpm SHA-256: d67c2e4ea813bbefcc8818c0bd8c471405232e71e62f56dbd5b955ab6e161a8e
gnupg2-smime-2.0.14-8.el6.i686.rpm SHA-256: 9b3276827ac7b5faef6e0b4fa6303cbda8287de26cb913a8a69a0637194be4ba

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
gnupg2-2.0.14-8.el6.src.rpm SHA-256: 00589845762d75872eb858b7e42e9fb653f28f8b42fe9d53d5966d7752b56379
s390x
gnupg2-2.0.14-8.el6.s390x.rpm SHA-256: fef8a6f7fecae68249f021a6826d7366331aee402712f8600b8f02cca98682f9
gnupg2-debuginfo-2.0.14-8.el6.s390x.rpm SHA-256: 8b597c08d55480966a1c83883fc55055f21226f3998c34cf24ac973427d6d627
gnupg2-debuginfo-2.0.14-8.el6.s390x.rpm SHA-256: 8b597c08d55480966a1c83883fc55055f21226f3998c34cf24ac973427d6d627
gnupg2-smime-2.0.14-8.el6.s390x.rpm SHA-256: 1e4f1c2cd2c8a997e6bc81929d2a1a2200fdd72e18619141aa0e0b6a898f28b5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.