Security: Buffer overflow in gnupg
Name: Buffer overflow in gnupg
ID: MDKSA-2006:221
Distribution: Mandriva
Platforms: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0
Date: Fri, December 1, 2006, 08:43
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
Applications: The GNU Privacy Guard

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:221
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gnupg
Date : November 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the ask_outfile_name function in openfile.c for
GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow
attackers to execute arbitrary code via messages that cause the
make_printable_string function to return a longer string than expected
while constructing a prompt.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
c3ce4cd92136d7f632c14a6c80938b82
2006.0/i586/gnupg-1.4.2.2-0.4.20060mdk.i586.rpm
bfaeaba79a74d3873b598f90e0e801e0
2006.0/i586/gnupg2-1.9.16-4.3.20060mdk.i586.rpm
9ac3ae5eb7475c230c7a7d0937c1c381
2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
c5da4a8a6e5bd9ec333d73180d93d64f
2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
8fcc5fdb170d0b268c13f93aabe0502e
2006.0/x86_64/gnupg-1.4.2.2-0.4.20060mdk.x86_64.rpm
b7ef342175e3eaac7fc3794159f2064e
2006.0/x86_64/gnupg2-1.9.16-4.3.20060mdk.x86_64.rpm
9ac3ae5eb7475c230c7a7d0937c1c381
2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
c5da4a8a6e5bd9ec333d73180d93d64f
2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
d7ddd9237786b5e2d3b0fed45f1a1071
2007.0/i586/gnupg-1.4.5-1.1mdv2007.0.i586.rpm
cc2078cc49dc6fb5f11add689684e60a
2007.0/i586/gnupg2-1.9.22-2.1mdv2007.0.i586.rpm
a492a12d44d0491f676566959847c4e6
2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
f1816783fde74d0233d44ae64301886c
2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9ba224c45d13760e8100d88159818da0
2007.0/x86_64/gnupg-1.4.5-1.1mdv2007.0.x86_64.rpm
13a6b47c7f88ffc1614e42a1276b7ac4
2007.0/x86_64/gnupg2-1.9.22-2.1mdv2007.0.x86_64.rpm
a492a12d44d0491f676566959847c4e6
2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
f1816783fde74d0233d44ae64301886c
2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

Corporate 3.0:
92abcd2621d7f9ae84625abda55ac4d0
corporate/3.0/i586/gnupg-1.4.2.2-0.4.C30mdk.i586.rpm
ec6725061073900f143df92a6f398f20
corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
b6d1b7f3f609295724f3fe2372ba6103
corporate/3.0/x86_64/gnupg-1.4.2.2-0.4.C30mdk.x86_64.rpm
ec6725061073900f143df92a6f398f20
corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

Corporate 4.0:
7149e243684d303bd5b2bbda7ee9ffb9
corporate/4.0/i586/gnupg-1.4.2.2-0.4.20060mlcs4.i586.rpm
c918da1cadd3c86aca8a6317cd36fc28
corporate/4.0/i586/gnupg2-1.9.16-4.3.20060mlcs4.i586.rpm
b94a486c4644fd56ed61602b0ab7fac7
corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
eb8b52a35c09081cc9f3f8e70ae67e5f
corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
ad3b69e395186d56ec93a2ac21330bc3
corporate/4.0/x86_64/gnupg-1.4.2.2-0.4.20060mlcs4.x86_64.rpm
8c7327c6d4244a7a8ead9d1f5f4f462e
corporate/4.0/x86_64/gnupg2-1.9.16-4.3.20060mlcs4.x86_64.rpm
b94a486c4644fd56ed61602b0ab7fac7
corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
eb8b52a35c09081cc9f3f8e70ae67e5f
corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
08d7f0201cff5462b8ad7ea010e241b2
mnf/2.0/i586/gnupg-1.4.2.2-0.5.M20mdk.i586.rpm
2c9b6c752e00c97793e7e436c89d2c5a
mnf/2.0/SRPMS/gnupg-1.4.2.2-0.5.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFb3PbmqjQ0CJFipgRAr2rAJ9RIKCR3c9Ub/bUZOiV2TOkLqC31ACeLyjd
ViNXuwBd2xrr6sqSzGL+2DU=
=H7Y/
-----END PGP SIGNATURE-----
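
The class of bug named in the problem description, a prompt buffer sized before an escaping step lengthens the string, shown as an added example; this is not GnuPG source code and not part of the advisory. The helper `escape_printable`, the two sizing functions, `build_prompt`, the prompt text and the sample name are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char PROMPT[] = "Enter new filename"; /* constructed prompt text */

/* Hypothetical escaping helper: non-printable bytes become "\xNN",
   so the result can be up to four times as long as the input. */
char *escape_printable(const unsigned char *p, size_t n)
{
    char *out = malloc(4 * n + 1), *d = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (isprint(p[i]) && p[i] != '\\') *d++ = (char)p[i];
        else d += sprintf(d, "\\x%02x", (unsigned)p[i]);
    }
    *d = '\0';
    return out;
}

/* Flawed sizing: budget taken from the raw length, before escaping. */
size_t size_from_raw_len(size_t namelen)
{
    return strlen(PROMPT) + namelen + 10;
}

/* Bytes really needed for "PROMPT [escaped]: " including the NUL. */
size_t size_from_escaped(const char *escaped)
{
    return strlen(PROMPT) + strlen(escaped) + sizeof(" []: ");
}

/* Hardened builder: escape first, size from the result, bounded write. */
char *build_prompt(const unsigned char *name, size_t namelen)
{
    char *esc = escape_printable(name, namelen);
    if (!esc) return NULL;
    size_t n = size_from_escaped(esc);
    char *prompt = malloc(n);
    if (prompt) snprintf(prompt, n, "%s [%s]: ", PROMPT, esc);
    free(esc);
    return prompt;
}

int main(void)
{
    const unsigned char name[] = "a\x01\x02\x03\x04\x05\x06\x07"; /* constructed input */
    size_t len = sizeof name - 1;
    char *esc = escape_printable(name, len), *prompt = build_prompt(name, len);
    if (!esc || !prompt) return 1;
    printf("raw budget %zu, needed %zu\n%s\n", size_from_raw_len(len), size_from_escaped(esc), prompt);
    free(esc); free(prompt);
    return 0;
}
```

A plain name such as `out.txt` fits the raw-length budget, which is why a sizing error of this kind stays latent until the name contains bytes that the escaping step expands.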

