[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4577377a.C5GCoI5KeAX9EO9W%announce-noreply@rpath.com>
Date: Wed, 06 Dec 2006 16:34:50 -0500
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2006-0227-1 gnupg
rPath Security Advisory: 2006-0227-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect Deterministic Privilege Escalation
Updated Versions:
gnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1-
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
https://issues.rpath.com/browse/RPL-835
Description:
Previous versions of the gnupg package will execute attacker-provided
code found in intentionally malformed OpenPGP packets. This allows an
attacker to run arbitrary code as the user invoking gpg on the file
that contains the malformed packets.
Powered by blists - more mailing lists