(RHSA-2006:0615) gnupg security update

2006-08-0200:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.897 High

EPSS

Percentile

98.5%

JSON

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3746)

All users of GnuPG are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64gnupg< 1.2.1-17gnupg-1.2.1-17.x86_64.rpm
RedHatanys390xgnupg< 1.2.6-6gnupg-1.2.6-6.s390x.rpm
RedHatanys390gnupg< 1.2.6-6gnupg-1.2.6-6.s390.rpm
RedHatanyi386gnupg< 1.2.1-17gnupg-1.2.1-17.i386.rpm
RedHatanys390gnupg< 1.2.1-17gnupg-1.2.1-17.s390.rpm
RedHatanyppcgnupg< 1.2.6-6gnupg-1.2.6-6.ppc.rpm
RedHatanyppcgnupg< 1.2.1-17gnupg-1.2.1-17.ppc.rpm
RedHatanyi386gnupg< 1.2.6-6gnupg-1.2.6-6.i386.rpm
RedHatanyia64gnupg< 1.0.7-18gnupg-1.0.7-18.ia64.rpm
RedHatanyi386gnupg< 1.0.7-18gnupg-1.0.7-18.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	gnupg	< 1.2.1-17	gnupg-1.2.1-17.x86_64.rpm
RedHat	any	s390x	gnupg	< 1.2.6-6	gnupg-1.2.6-6.s390x.rpm
RedHat	any	s390	gnupg	< 1.2.6-6	gnupg-1.2.6-6.s390.rpm
RedHat	any	i386	gnupg	< 1.2.1-17	gnupg-1.2.1-17.i386.rpm
RedHat	any	s390	gnupg	< 1.2.1-17	gnupg-1.2.1-17.s390.rpm
RedHat	any	ppc	gnupg	< 1.2.6-6	gnupg-1.2.6-6.ppc.rpm
RedHat	any	ppc	gnupg	< 1.2.1-17	gnupg-1.2.1-17.ppc.rpm
RedHat	any	i386	gnupg	< 1.2.6-6	gnupg-1.2.6-6.i386.rpm
RedHat	any	ia64	gnupg	< 1.0.7-18	gnupg-1.0.7-18.ia64.rpm
RedHat	any	i386	gnupg	< 1.0.7-18	gnupg-1.0.7-18.i386.rpm