Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0754
HistoryDec 06, 2006 - 6:36 p.m.

gnupg security update

2006-12-0618:36:40
CentOS Project
lists.centos.org
61

0.056 Low

EPSS

Percentile

93.2%

JSON

CentOS Errata and Security Advisory CESA-2006:0754

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)

A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which with user interaction
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075580.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075581.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075582.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075583.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075585.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075587.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075591.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075592.html

Affected packages:
gnupg

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0754

Related

nessus 19
gentoo 1
openvas 16
suse 1
ubuntu 2
slackware 2
redhat 1
oraclelinux 1
centos 1
osv 1
debian 1
fedora 1
cve 2
securityvulns 1
debiancve 2
ubuntucve 2
cert 1
freebsd 1
nessus
nessus
CentOS 3 / 4 : gnupg (CESA-2006:0754)
2006-12-11 00:00:00
openSUSE 10 Security Update : gpg (gpg-2353)
2007-10-17 00:00:00
RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)
2006-12-11 00:00:00
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2006-12-10 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2006-340-01)
2012-09-10 00:00:00
Slackware: Security Advisory (SSA:2006-340-01b)
2012-09-10 00:00:00
Debian Security Advisory DSA 1231-1 (gnupg)
2008-01-17 00:00:00
suse
suse
remote code execution in gpg,gpg2
2006-12-13 12:47:52
ubuntu
ubuntu
GnuPG2 vulnerabilities
2006-12-07 00:00:00
GnuPG vulnerability
2006-12-07 00:00:00
slackware
slackware
[slackware-security] gnupg [resigned]
2006-12-07 22:03:33
[slackware-security] gnupg
2006-12-06 22:27:00
redhat
redhat
(RHSA-2006:0754) Important: gnupg security update
2006-12-06 00:00:00
oraclelinux
oraclelinux
Important gnupg security update
2006-12-11 00:00:00
centos
centos
gnupg security update
2006-12-07 03:18:30
osv
osv
gnupg
2006-12-09 00:00:00
debian
debian
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution
2006-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
2007-03-12 19:15:32
cve
cve
CVE-2006-6169
2006-11-29 18:28:00
CVE-2006-6235
2006-12-07 11:28:00
securityvulns
securityvulns
GnuPG: remotely controllable function pointer [CVE-2006-6235]
2006-12-07 00:00:00
debiancve
debiancve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
ubuntucve
ubuntucve
CVE-2006-6169
2006-11-29 00:00:00
CVE-2006-6235
2006-12-07 00:00:00
cert
cert
GnuPG vulnerable to remote data control
2006-12-18 00:00:00
freebsd
freebsd
gnupg -- remotely controllable function pointer
2006-12-04 00:00:00

0.056 Low

EPSS

Percentile

93.2%

JSON
Related for CESA-2006:0754
nessus19gentoo1openvas16suse1ubuntu2slackware2redhat1oraclelinux1centos1osv1debian1fedora1cve2securityvulns1debiancve2ubuntucve2cert1freebsd1