GnuPG is a utility for encrypting data and creating digital signatures.
Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)
A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which with user interaction
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)
All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | x86_64 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.x86_64.rpm |
RedHat | any | i386 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.i386.rpm |
RedHat | any | s390 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.s390.rpm |
RedHat | any | i386 | gnupg | < 1.0.7-20 | gnupg-1.0.7-20.i386.rpm |
RedHat | any | s390 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.s390.rpm |
RedHat | any | s390x | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.s390x.rpm |
RedHat | any | s390x | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.s390x.rpm |
RedHat | any | ia64 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.ia64.rpm |
RedHat | any | ia64 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.ia64.rpm |
RedHat | any | ia64 | gnupg | < 1.0.7-20 | gnupg-1.0.7-20.ia64.rpm |