what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2006.228

Mandriva Linux Security Advisory 2006.228
Posted Dec 14, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006:228: A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

tags | advisory, arbitrary
systems | linux, mandriva
SHA-256 | 97463d4d797ca0c930fef1d5390b8ff7dfb35fd414a4d7b46ba81a77394739bd

Mandriva Linux Security Advisory 2006.228

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:228
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gnupg
Date : December 11, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
execute arbitrary code via crafted OpenPGP packets that cause GnuPG to
dereference a function pointer from deallocated stack memory.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
93c4722a375c1f5e6a05a005722c2611 2006.0/i586/gnupg-1.4.2.2-0.5.20060mdk.i586.rpm
fffa84eb381e5c0db87f230b3c833239 2006.0/i586/gnupg2-1.9.16-4.4.20060mdk.i586.rpm
e5ffb4d9fa64ef83afa9ea1faa287926 2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
ca942bbd6fcf9ebe78779737d40f14cd 2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
745e690087b6ccfc1ca328db1e6f4ebb 2006.0/x86_64/gnupg-1.4.2.2-0.5.20060mdk.x86_64.rpm
85cf60ed2063692019776138d718b233 2006.0/x86_64/gnupg2-1.9.16-4.4.20060mdk.x86_64.rpm
e5ffb4d9fa64ef83afa9ea1faa287926 2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
ca942bbd6fcf9ebe78779737d40f14cd 2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

Mandriva Linux 2007.0:
a517dae5c83be0361406388c75098604 2007.0/i586/gnupg-1.4.5-1.2mdv2007.0.i586.rpm
76a286545f5e3122bb65dc812cb9660a 2007.0/i586/gnupg2-1.9.22-2.2mdv2007.0.i586.rpm
b7c1585093289b0adaaf46939ec9f3f8 2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
4f2757b66ac4762ce46ded5329ec7246 2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
42c3c8f43d6ff4f67f93b5077b47a4ea 2007.0/x86_64/gnupg-1.4.5-1.2mdv2007.0.x86_64.rpm
f9d3ecb8f0eb5b3721d7cd3a7beeff8a 2007.0/x86_64/gnupg2-1.9.22-2.2mdv2007.0.x86_64.rpm
b7c1585093289b0adaaf46939ec9f3f8 2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
4f2757b66ac4762ce46ded5329ec7246 2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

Corporate 3.0:
7f7a5ddabcea09044efe1a242b4dee91 corporate/3.0/i586/gnupg-1.4.2.2-0.5.C30mdk.i586.rpm
15c09b82c8c273ec04ae71addf06d010 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
0dccce30fd6713dfb228261e10fbb44c corporate/3.0/x86_64/gnupg-1.4.2.2-0.5.C30mdk.x86_64.rpm
15c09b82c8c273ec04ae71addf06d010 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

Corporate 4.0:
4908cbaf7474c988c82c2362bfacfa18 corporate/4.0/i586/gnupg-1.4.2.2-0.5.20060mlcs4.i586.rpm
af02670a8a6446a77b8f09c807b7b44c corporate/4.0/i586/gnupg2-1.9.16-4.4.20060mlcs4.i586.rpm
6222c167396ffaec6afa98efca483241 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
11bb29f2b1f7788f1b15c1f6e4503863 corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d5bafd16b9ad141f87e9259ae74e6538 corporate/4.0/x86_64/gnupg-1.4.2.2-0.5.20060mlcs4.x86_64.rpm
576f3921b0f631ede3da9d9efa541182 corporate/4.0/x86_64/gnupg2-1.9.16-4.4.20060mlcs4.x86_64.rpm
6222c167396ffaec6afa98efca483241 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
11bb29f2b1f7788f1b15c1f6e4503863 corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
58618fe995c74d079c66d5f56aeb8418 mnf/2.0/i586/gnupg-1.4.2.2-0.6.M20mdk.i586.rpm
10bf559c56d1ec0863905d65cc81eb02 mnf/2.0/SRPMS/gnupg-1.4.2.2-0.6.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfeF3mqjQ0CJFipgRAg8DAJ9TmZlzdEHqRx/TmNwfcAgMtcd9DwCfVNnm
MlSJow6h1QNNTNWWIoBqVjk=
=g7vl
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close