CentOS Errata and Security Advisory CESA-2006:0754-01
GnuPG is a utility for encrypting data and creating digital signatures.
Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)
A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which with user interaction
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)
All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075588.html
Affected packages:
gnupg
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | gnupg | < 1.0.7-20 | gnupg-1.0.7-20.i386.rpm |