Sicherheit: Zahlenüberlauf in gnupg

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1155594945-9299-1151

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:141
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gnupg
Date : August 14, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

An integer overflow vulnerability was discovered in gnupg where an
attacker could create a carefully-crafted message packet with a large
length that could cause gnupg to crash or possibly overwrite memory
when opened.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
dad4f89b0659db5ce5f0ea5346937f84
2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.i586.rpm
235e259f35fc3e064da19eeafb1928bb
2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.i586.rpm
4868f4809119c3eb251c750082eafb0c
2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
e200d2b1d9fd36bf87a2a115921671e1
2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
72633103b324b4a6304849b9adde6dee
x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.x86_64.rpm
1080c501a35fb063e45fffca91d1c577
x86_64/2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.x86_64.rpm
4868f4809119c3eb251c750082eafb0c
x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
e200d2b1d9fd36bf87a2a115921671e1
x86_64/2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm

Corporate 3.0:
48a68f90d599061b4605580c6dfb87c5
corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.i586.rpm
4948bb972e446f136d8f0c81045a68d6
corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
ca85cec5ae88d2a6aa0216aed0f38ffd
x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.x86_64.rpm
4948bb972e446f136d8f0c81045a68d6
x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
0d17b96d0b992d95a74c9a215088425b
mnf/2.0/RPMS/gnupg-1.4.2.2-0.4.M20mdk.i586.rpm
6f752ebe3c8094f11f6bf2d3b7f3cb2e
mnf/2.0/SRPMS/gnupg-1.4.2.2-0.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE4MFVmqjQ0CJFipgRAmyEAJ0aTvIeW+OJxKW/q/cWKxThqTy86QCfSs0U
DEbL1baQptTF7BJh164sn/Y=
=GPyb
-----END PGP SIGNATURE-----

------------=_1155594945-9299-1151
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1155594945-9299-1151--