Lucene search
SuseSUSE-SA:2006:014HistoryMar 10, 2006 - 5:18 p.m.
remote code execution in gpg
2006-03-1017:18:31
lists.opensuse.org
8
0.006 Low
EPSS
Percentile
76.0%
The GNU Privacy Guard (GPG) allows crafting a message which could check out correct using “–verify”, but would extract a different, potentially malicious content when using “-o --batch”.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | i586 | gpg | < 1.2.4-68.13 | gpg-1.2.4-68.13.i586.rpm |
| openSUSE | 9.3 | i586 | gpg | < 1.4.0-4.4 | gpg-1.4.0-4.4.i586.rpm |
| openSUSE | 9.1 | x86_64 | gpg | < 1.2.4-68.13 | gpg-1.2.4-68.13.x86_64.rpm |
| openSUSE | 10.0 | i586 | gpg | < 1.4.2-5.4 | gpg-1.4.2-5.4.i586.rpm |
| openSUSE | 9.2 | x86_64 | gpg | < 1.2.5-3.6 | gpg-1.2.5-3.6.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | gpg | < 1.4.2-5.4 | gpg-1.4.2-5.4.x86_64.rpm |
| openSUSE | 10.0 | ppc | gpg | < 1.4.2-5.4 | gpg-1.4.2-5.4.ppc.rpm |
| openSUSE | 9.2 | i586 | gpg | < 1.2.5-3.6 | gpg-1.2.5-3.6.i586.rpm |
| openSUSE | 9.3 | x86_64 | gpg | < 1.4.0-4.4 | gpg-1.4.0-4.4.x86_64.rpm |
Related
ubuntucve
ubuntucve
CVE-2006-0049
2006-03-13 00:00:00
CVE-2006-0455
2006-02-15 00:00:00
centos
centos
gnupg security update
2006-03-21 22:54:57
gnupg security update
2006-03-16 00:53:16
redhat
redhat
(RHSA-2006:0266) gnupg security update
2006-03-15 00:00:00
openvas
openvas
FreeBSD Ports: gnupg
2008-09-04 00:00:00
Slackware Advisory SSA:2006-072-02 gnupg
2012-09-11 00:00:00
FreeBSD Ports: gnupg
2008-09-04 00:00:00
slackware
slackware
[slackware-security] gnupg
2006-03-14 04:59:29
cve
cve
CVE-2006-0049
2006-03-13 21:06:00
CVE-2006-0455
2006-02-15 22:06:00
nessus
nessus
Mandrake Linux Security Advisory : gnupg (MDKSA-2006:055)
2006-03-18 00:00:00
RHEL 4 : gnupg (RHSA-2006:0266)
2006-03-16 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : gnupg (SSA:2006-072-02)
2006-03-14 00:00:00
prion
prion
Code injection
2006-03-13 21:06:00
Code injection
2006-02-15 22:06:00
debiancve
debiancve
CVE-2006-0049
2006-03-13 21:06:00
CVE-2006-0455
2006-02-15 22:06:00
debian
debian
[SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check
2006-03-10 00:00:00
[SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check
2006-03-13 00:00:00
[SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check
2006-03-13 13:16:52
freebsd
freebsd
GnuPG does not detect injection of unsigned data
2006-03-09 00:00:00
gnupg -- false positive signature verification
2006-02-15 00:00:00
gentoo
gentoo
GnuPG: Incorrect signature verification
2006-03-10 00:00:00
GnuPG: Incorrect signature verification
2006-02-18 00:00:00
securityvulns
securityvulns
GnuPG does not detect injection of unsigned data
2006-03-10 00:00:00
ubuntu
ubuntu
gnupg vulnerability
2006-04-04 00:00:00
gnupg vulnerability
2006-02-18 00:00:00
suse
suse
remote code execution in gpg,liby2util
2006-03-01 09:23:07
remote code execution in gpg,liby2util
2006-02-20 16:55:38