lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Gpz5B-0008Pa-5F@mercury.mandriva.com>
Date: Thu, 30 Nov 2006 20:29:01 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:221
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnupg
 Date    : November 30, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the ask_outfile_name function in openfile.c for
 GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow
 attackers to execute arbitrary code via messages that cause the
 make_printable_string function to return a longer string than expected
 while constructing a prompt.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 c3ce4cd92136d7f632c14a6c80938b82  2006.0/i586/gnupg-1.4.2.2-0.4.20060mdk.i586.rpm
 bfaeaba79a74d3873b598f90e0e801e0  2006.0/i586/gnupg2-1.9.16-4.3.20060mdk.i586.rpm 
 9ac3ae5eb7475c230c7a7d0937c1c381  2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
 c5da4a8a6e5bd9ec333d73180d93d64f  2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8fcc5fdb170d0b268c13f93aabe0502e  2006.0/x86_64/gnupg-1.4.2.2-0.4.20060mdk.x86_64.rpm
 b7ef342175e3eaac7fc3794159f2064e  2006.0/x86_64/gnupg2-1.9.16-4.3.20060mdk.x86_64.rpm 
 9ac3ae5eb7475c230c7a7d0937c1c381  2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
 c5da4a8a6e5bd9ec333d73180d93d64f  2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 d7ddd9237786b5e2d3b0fed45f1a1071  2007.0/i586/gnupg-1.4.5-1.1mdv2007.0.i586.rpm
 cc2078cc49dc6fb5f11add689684e60a  2007.0/i586/gnupg2-1.9.22-2.1mdv2007.0.i586.rpm 
 a492a12d44d0491f676566959847c4e6  2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
 f1816783fde74d0233d44ae64301886c  2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9ba224c45d13760e8100d88159818da0  2007.0/x86_64/gnupg-1.4.5-1.1mdv2007.0.x86_64.rpm
 13a6b47c7f88ffc1614e42a1276b7ac4  2007.0/x86_64/gnupg2-1.9.22-2.1mdv2007.0.x86_64.rpm 
 a492a12d44d0491f676566959847c4e6  2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
 f1816783fde74d0233d44ae64301886c  2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 92abcd2621d7f9ae84625abda55ac4d0  corporate/3.0/i586/gnupg-1.4.2.2-0.4.C30mdk.i586.rpm 
 ec6725061073900f143df92a6f398f20  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b6d1b7f3f609295724f3fe2372ba6103  corporate/3.0/x86_64/gnupg-1.4.2.2-0.4.C30mdk.x86_64.rpm 
 ec6725061073900f143df92a6f398f20  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

 Corporate 4.0:
 7149e243684d303bd5b2bbda7ee9ffb9  corporate/4.0/i586/gnupg-1.4.2.2-0.4.20060mlcs4.i586.rpm
 c918da1cadd3c86aca8a6317cd36fc28  corporate/4.0/i586/gnupg2-1.9.16-4.3.20060mlcs4.i586.rpm 
 b94a486c4644fd56ed61602b0ab7fac7  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
 eb8b52a35c09081cc9f3f8e70ae67e5f  corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ad3b69e395186d56ec93a2ac21330bc3  corporate/4.0/x86_64/gnupg-1.4.2.2-0.4.20060mlcs4.x86_64.rpm
 8c7327c6d4244a7a8ead9d1f5f4f462e  corporate/4.0/x86_64/gnupg2-1.9.16-4.3.20060mlcs4.x86_64.rpm 
 b94a486c4644fd56ed61602b0ab7fac7  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
 eb8b52a35c09081cc9f3f8e70ae67e5f  corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 08d7f0201cff5462b8ad7ea010e241b2  mnf/2.0/i586/gnupg-1.4.2.2-0.5.M20mdk.i586.rpm 
 2c9b6c752e00c97793e7e436c89d2c5a  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFb3PbmqjQ0CJFipgRAr2rAJ9RIKCR3c9Ub/bUZOiV2TOkLqC31ACeLyjd
ViNXuwBd2xrr6sqSzGL+2DU=
=H7Y/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ