Message-Id: <E1Gtx3p-0007dV-AU@mercury.mandriva.com>
Date: Mon, 11 Dec 2006 19:08:01 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:228
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnupg
 Date    : December 11, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
 execute arbitrary code via crafted OpenPGP packets that cause GnuPG to
 dereference a function pointer from deallocated stack memory.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 93c4722a375c1f5e6a05a005722c2611  2006.0/i586/gnupg-1.4.2.2-0.5.20060mdk.i586.rpm
 fffa84eb381e5c0db87f230b3c833239  2006.0/i586/gnupg2-1.9.16-4.4.20060mdk.i586.rpm 
 e5ffb4d9fa64ef83afa9ea1faa287926  2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
 ca942bbd6fcf9ebe78779737d40f14cd  2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 745e690087b6ccfc1ca328db1e6f4ebb  2006.0/x86_64/gnupg-1.4.2.2-0.5.20060mdk.x86_64.rpm
 85cf60ed2063692019776138d718b233  2006.0/x86_64/gnupg2-1.9.16-4.4.20060mdk.x86_64.rpm 
 e5ffb4d9fa64ef83afa9ea1faa287926  2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
 ca942bbd6fcf9ebe78779737d40f14cd  2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 a517dae5c83be0361406388c75098604  2007.0/i586/gnupg-1.4.5-1.2mdv2007.0.i586.rpm
 76a286545f5e3122bb65dc812cb9660a  2007.0/i586/gnupg2-1.9.22-2.2mdv2007.0.i586.rpm 
 b7c1585093289b0adaaf46939ec9f3f8  2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
 4f2757b66ac4762ce46ded5329ec7246  2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 42c3c8f43d6ff4f67f93b5077b47a4ea  2007.0/x86_64/gnupg-1.4.5-1.2mdv2007.0.x86_64.rpm
 f9d3ecb8f0eb5b3721d7cd3a7beeff8a  2007.0/x86_64/gnupg2-1.9.22-2.2mdv2007.0.x86_64.rpm 
 b7c1585093289b0adaaf46939ec9f3f8  2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
 4f2757b66ac4762ce46ded5329ec7246  2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

 Corporate 3.0:
 7f7a5ddabcea09044efe1a242b4dee91  corporate/3.0/i586/gnupg-1.4.2.2-0.5.C30mdk.i586.rpm 
 15c09b82c8c273ec04ae71addf06d010  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0dccce30fd6713dfb228261e10fbb44c  corporate/3.0/x86_64/gnupg-1.4.2.2-0.5.C30mdk.x86_64.rpm 
 15c09b82c8c273ec04ae71addf06d010  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

 Corporate 4.0:
 4908cbaf7474c988c82c2362bfacfa18  corporate/4.0/i586/gnupg-1.4.2.2-0.5.20060mlcs4.i586.rpm
 af02670a8a6446a77b8f09c807b7b44c  corporate/4.0/i586/gnupg2-1.9.16-4.4.20060mlcs4.i586.rpm 
 6222c167396ffaec6afa98efca483241  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
 11bb29f2b1f7788f1b15c1f6e4503863  corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 d5bafd16b9ad141f87e9259ae74e6538  corporate/4.0/x86_64/gnupg-1.4.2.2-0.5.20060mlcs4.x86_64.rpm
 576f3921b0f631ede3da9d9efa541182  corporate/4.0/x86_64/gnupg2-1.9.16-4.4.20060mlcs4.x86_64.rpm 
 6222c167396ffaec6afa98efca483241  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
 11bb29f2b1f7788f1b15c1f6e4503863  corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 58618fe995c74d079c66d5f56aeb8418  mnf/2.0/i586/gnupg-1.4.2.2-0.6.M20mdk.i586.rpm 
 10bf559c56d1ec0863905d65cc81eb02  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.6.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfeF3mqjQ0CJFipgRAg8DAJ9TmZlzdEHqRx/TmNwfcAgMtcd9DwCfVNnm
MlSJow6h1QNNTNWWIoBqVjk=
=g7vl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
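
The advisory states that MandrivaUpdate and urpmi verify the MD5 checksums automatically. For packages fetched by hand, the following added example (not part of the advisory and not Mandriva tooling) parses an "Updated Packages" list in the format shown above and compares it with files in a local directory. The function names and the demo file names are hypothetical, and the demo data is constructed; the listed MD5 values are only as trustworthy as the signed advisory they were taken from.

```shell
#!/bin/sh
# Added example (not Mandriva's tooling); function names are hypothetical.

# Read an advisory on stdin and print "md5 basename" for each package line,
# e.g. " <32 hex digits>  2007.0/i586/<name>.rpm". SRPM lines repeated per
# architecture section are collapsed by sort -u.
advisory_sums() {
    awk 'length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/"); print $1, parts[n]
         }' | sort -u
}

# check_packages ADVISORY DIR: report OK / MISMATCH / MISSING for each listed
# package and fail if any file present in DIR has a different MD5.
check_packages() (
    status=0
    sums=$(advisory_sums < "$1")
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$2/$name" ]; then echo "MISSING  $name"; continue; fi
        got=$(md5sum < "$2/$name" | awk '{print $1}')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; status=1
        fi
    done <<EOF
$sums
EOF
    [ "$status" -eq 0 ]
)

# Constructed demo: two stand-in files, one listed with a wrong checksum.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf 'constructed package A\n' > "$d/a-1.0.i586.rpm"
    printf 'constructed package B\n' > "$d/b-1.0.i586.rpm"
    good=$(md5sum < "$d/a-1.0.i586.rpm" | awk '{print $1}')
    {
        echo " Example Linux 1.0:"
        echo " $good  1.0/i586/a-1.0.i586.rpm"
        echo " 00000000000000000000000000000000  1.0/i586/b-1.0.i586.rpm"
        echo " 11111111111111111111111111111111  1.0/SRPMS/c-1.0.src.rpm"
    } > "$d/advisory.txt"
    check_packages "$d/advisory.txt" "$d" || echo "verification failed"
)
demo
```

A package reported as MISSING does not fail the check, since most systems need only one architecture's files from the list.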
