Lucene search
GoogleOSV:DSA-1231-1HistoryDec 09, 2006 - 12:00 a.m.
gnupg
2006-12-0900:00:00
Google
osv.dev
12
0.056 Low
EPSS
Percentile
93.3%
Several remote vulnerabilities have been discovered in the GNU privacy guard,
a free PGP replacement, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
problems:
- CVE-2006-6169
Werner Koch discovered that a buffer overflow in a sanitising function
may lead to execution of arbitrary code when running gnupg
interactively. - CVE-2006-6235
Tavis Ormandy discovered that parsing a carefully crafted OpenPGP
packet may lead to the execution of arbitrary code, as a function
pointer of an internal structure may be controlled through the
decryption routines.
For the stable distribution (sarge) these problems have been fixed in
version 1.4.1-1.sarge6.
For the upcoming stable distribution (etch) these problems have been
fixed in version 1.4.6-1.
For the unstable distribution (sid) these problems have been fixed in
version 1.4.6-1.
We recommend that you upgrade your gnupg packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gnupg | eq | 1.4.1-1.sarge4 | |
| gnupg | eq | 1.4.1-1.sarge5 | |
| gnupg | eq | 1.4.1-1.sarge2 | |
| gnupg | eq | 1.4.1-1.sarge3 | |
| gnupg | eq | 1.4.1-1sarge1 | |
| gnupg | eq | 1.4.1-1 |
References
Related
nessus
nessus
RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)
2006-12-11 00:00:00
openSUSE 10 Security Update : gpg2 (gpg2-2352)
2007-10-17 00:00:00
openSUSE 10 Security Update : gpg (gpg-2353)
2007-10-17 00:00:00
slackware
slackware
[slackware-security] gnupg [resigned]
2006-12-07 22:03:33
[slackware-security] gnupg
2006-12-06 22:27:00
suse
suse
remote code execution in gpg,gpg2
2006-12-13 12:47:52
openvas
openvas
Gentoo Security Advisory GLSA 200612-03 (gnupg)
2008-09-24 00:00:00
Debian Security Advisory DSA 1231-1 (gnupg)
2008-01-17 00:00:00
Slackware Advisory SSA:2006-340-01b gnupg [resigned]
2012-09-11 00:00:00
ubuntu
ubuntu
GnuPG2 vulnerabilities
2006-12-07 00:00:00
GnuPG vulnerability
2006-12-07 00:00:00
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2006-12-10 00:00:00
centos
centos
gnupg security update
2006-12-07 03:18:30
gnupg security update
2006-12-06 18:36:40
redhat
redhat
(RHSA-2006:0754) Important: gnupg security update
2006-12-06 00:00:00
oraclelinux
oraclelinux
Important gnupg security update
2006-12-11 00:00:00
debian
debian
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution
2006-12-09 09:39:51
fedora
fedora
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
2007-03-12 19:15:32
cvelist
cvelist
CVE-2006-6235
2006-12-07 11:00:00
CVE-2006-6169
2006-11-29 18:00:00
securityvulns
securityvulns
GnuPG: remotely controllable function pointer [CVE-2006-6235]
2006-12-07 00:00:00
cert
cert
GnuPG vulnerable to remote data control
2006-12-18 00:00:00
cve
cve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
ubuntucve
ubuntucve
CVE-2006-6235
2006-12-07 00:00:00
CVE-2006-6169
2006-11-29 00:00:00
nvd
nvd
CVE-2006-6169
2006-11-29 18:28:00
CVE-2006-6235
2006-12-07 11:28:00
debiancve
debiancve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
freebsd
freebsd
gnupg -- remotely controllable function pointer
2006-12-04 00:00:00