-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:141 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gnupg Date : August 14, 2006 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: dad4f89b0659db5ce5f0ea5346937f84 2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.i586.rpm 235e259f35fc3e064da19eeafb1928bb 2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.i586.rpm 4868f4809119c3eb251c750082eafb0c 2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm e200d2b1d9fd36bf87a2a115921671e1 2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 72633103b324b4a6304849b9adde6dee x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.x86_64.rpm 1080c501a35fb063e45fffca91d1c577 x86_64/2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.x86_64.rpm 4868f4809119c3eb251c750082eafb0c x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm e200d2b1d9fd36bf87a2a115921671e1 x86_64/2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm Corporate 3.0: 48a68f90d599061b4605580c6dfb87c5 corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.i586.rpm 4948bb972e446f136d8f0c81045a68d6 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm Corporate 3.0/X86_64: ca85cec5ae88d2a6aa0216aed0f38ffd x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.x86_64.rpm 4948bb972e446f136d8f0c81045a68d6 x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm Multi Network Firewall 2.0: 0d17b96d0b992d95a74c9a215088425b mnf/2.0/RPMS/gnupg-1.4.2.2-0.4.M20mdk.i586.rpm 6f752ebe3c8094f11f6bf2d3b7f3cb2e mnf/2.0/SRPMS/gnupg-1.4.2.2-0.4.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE4MFVmqjQ0CJFipgRAmyEAJ0aTvIeW+OJxKW/q/cWKxThqTy86QCfSs0U DEbL1baQptTF7BJh164sn/Y= =GPyb -----END PGP SIGNATURE-----