CentOS Errata and Security Advisory CESA-2006:0754
GnuPG is a utility for encrypting data and creating digital signatures.
Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create a carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)
A heap-based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which, with user interaction,
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)
All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075580.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075581.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075582.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075583.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075585.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075587.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075591.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075592.html
Affected packages:
gnupg
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0754
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.i386.rpm |
CentOS | 3 | x86_64 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.x86_64.rpm |
CentOS | 3 | ia64 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.ia64.rpm |
CentOS | 4 | ia64 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.ia64.rpm |
CentOS | 4 | s390 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.s390.rpm |
CentOS | 4 | s390x | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.s390x.rpm |
CentOS | 3 | s390 | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.s390.rpm |
CentOS | 3 | s390x | gnupg | < 1.2.1-19 | gnupg-1.2.1-19.s390x.rpm |
CentOS | 4 | i386 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.i386.rpm |
CentOS | 4 | x86_64 | gnupg | < 1.2.6-8 | gnupg-1.2.6-8.x86_64.rpm |