Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2006-340-01
HistoryDec 06, 2006 - 10:27 p.m.

[slackware-security] gnupg

2006-12-0622:27:00
Slackware Linux Project
www.slackware.com
20

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.2%

JSON

New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.

More details about the issues may be found here:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
https://vulners.com/cve/CVE-2006-6235
https://vulners.com/cve/CVE-2006-6169

Here are the details from the Slackware 11.0 ChangeLog:

patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
bug in earlier versions of gnupg. All gnupg users should update to the
new packages as soon as possible. For details, see the information
concerning CVE-2006-6235 posted on lists.gnupg.org:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
The CVE entry for this issue may be found here:
https://vulners.com/cve/CVE-2006-6235
This update also addresses a more minor security issue possibly
exploitable when GnuPG is used in interactive mode. For more information
about that issue, see:
https://vulners.com/cve/CVE-2006-6169
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.6-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.6-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.6-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz

MD5 signatures:

Slackware 9.0 package:
bc23c2e8fd1862a3749d7ea9478654e2 gnupg-1.4.6-i386-1_slack9.0.tgz

Slackware 9.1 package:
1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz

Slackware 10.0 package:
8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz

Slackware 10.1 package:
bdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz

Slackware 10.2 package:
1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz

Slackware 11.0 package:
8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz

Related

nessus 19
openvas 16
suse 1
slackware 1
ubuntu 2
redhat 1
oraclelinux 1
centos 2
gentoo 1
osv 1
debian 1
fedora 1
cve 2
securityvulns 1
debiancve 2
ubuntucve 2
cert 1
freebsd 1
nessus
nessus
openSUSE 10 Security Update : gpg2 (gpg2-2352)
2007-10-17 00:00:00
RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0754)
2006-12-11 00:00:00
Debian DSA-1231-1 : gnupg - several vulnerabilities
2006-12-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 1231-1 (gnupg)
2008-01-17 00:00:00
Slackware Advisory SSA:2006-340-01b gnupg [resigned]
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200612-03 (gnupg)
2008-09-24 00:00:00
suse
suse
remote code execution in gpg,gpg2
2006-12-13 12:47:52
slackware
slackware
[slackware-security] gnupg [resigned]
2006-12-07 22:03:33
ubuntu
ubuntu
GnuPG2 vulnerabilities
2006-12-07 00:00:00
GnuPG vulnerability
2006-12-07 00:00:00
redhat
redhat
(RHSA-2006:0754) Important: gnupg security update
2006-12-06 00:00:00
oraclelinux
oraclelinux
Important gnupg security update
2006-12-11 00:00:00
centos
centos
gnupg security update
2006-12-06 18:36:40
gnupg security update
2006-12-07 03:18:30
gentoo
gentoo
GnuPG: Multiple vulnerabilities
2006-12-10 00:00:00
osv
osv
gnupg
2006-12-09 00:00:00
debian
debian
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution
2006-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
2007-03-12 19:15:32
cve
cve
CVE-2006-6169
2006-11-29 18:28:00
CVE-2006-6235
2006-12-07 11:28:00
securityvulns
securityvulns
GnuPG: remotely controllable function pointer [CVE-2006-6235]
2006-12-07 00:00:00
debiancve
debiancve
CVE-2006-6235
2006-12-07 11:28:00
CVE-2006-6169
2006-11-29 18:28:00
ubuntucve
ubuntucve
CVE-2006-6235
2006-12-07 00:00:00
CVE-2006-6169
2006-11-29 00:00:00
cert
cert
GnuPG vulnerable to remote data control
2006-12-18 00:00:00
freebsd
freebsd
gnupg -- remotely controllable function pointer
2006-12-04 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.2%

JSON
Related for SSA-2006-340-01
nessus19openvas16suse1slackware1ubuntu2redhat1oraclelinux1centos2gentoo1osv1debian1fedora1cve2securityvulns1debiancve2ubuntucve2cert1freebsd1