Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0754-01
HistoryDec 07, 2006 - 3:18 a.m.

gnupg security update

2006-12-0703:18:30
CentOS Project
lists.centos.org
42

0.056 Low

EPSS

Percentile

93.2%

JSON

CentOS Errata and Security Advisory CESA-2006:0754-01

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)

A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which with user interaction
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075588.html

Affected packages:
gnupg

OSVersionArchitecturePackageVersionFilename
CentOS2i386gnupg< 1.0.7-20gnupg-1.0.7-20.i386.rpm

Related

nessus 19
openvas 16
gentoo 1
suse 1
ubuntu 2
slackware 2
redhat 1
oraclelinux 1
centos 1
osv 1
debian 1
fedora 1
debiancve 2
cve 2
ubuntucve 2
securityvulns 1
cert 1
freebsd 1
nessus
nessus
CentOS 3 / 4 : gnupg (CESA-2006:0754)
2006-12-11 00:00:00
openSUSE 10 Security Update : gpg (gpg-2353)
2007-10-17 00:00:00
openSUSE 10 Security Update : gpg (gpg-2388)
2007-10-17 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2006-340-01)
2012-09-10 00:00:00
Slackware: Security Advisory (SSA:2006-340-01b)
2012-09-10 00:00:00
Slackware Advisory SSA:2006-340-01 gnupg
2012-09-11 00:00:00
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2006-12-10 00:00:00
suse
suse
remote code execution in gpg,gpg2
2006-12-13 12:47:52
ubuntu
ubuntu
GnuPG2 vulnerabilities
2006-12-07 00:00:00
GnuPG vulnerability
2006-12-07 00:00:00
slackware
slackware
[slackware-security] gnupg [resigned]
2006-12-07 22:03:33
[slackware-security] gnupg
2006-12-06 22:27:00
redhat
redhat
(RHSA-2006:0754) Important: gnupg security update
2006-12-06 00:00:00
oraclelinux
oraclelinux
Important gnupg security update
2006-12-11 00:00:00
centos
centos
gnupg security update
2006-12-06 18:36:40
osv
osv
gnupg
2006-12-09 00:00:00
debian
debian
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution
2006-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
2007-03-12 19:15:32
debiancve
debiancve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
cve
cve
CVE-2006-6169
2006-11-29 18:28:00
CVE-2006-6235
2006-12-07 11:28:00
ubuntucve
ubuntucve
CVE-2006-6169
2006-11-29 00:00:00
CVE-2006-6235
2006-12-07 00:00:00
securityvulns
securityvulns
GnuPG: remotely controllable function pointer [CVE-2006-6235]
2006-12-07 00:00:00
cert
cert
GnuPG vulnerable to remote data control
2006-12-18 00:00:00
freebsd
freebsd
gnupg -- remotely controllable function pointer
2006-12-04 00:00:00

0.056 Low

EPSS

Percentile

93.2%

JSON
Related for CESA-2006:0754-01
nessus19openvas16gentoo1suse1ubuntu2slackware2redhat1oraclelinux1centos1osv1debian1fedora1debiancve2cve2ubuntucve2securityvulns1cert1freebsd1