Navigation
|
|
| Problem Description |
Buffer overflow in the ask_outfile_name function in openfile.c for
GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow
attackers to execute arbitrary code via messages that cause the
make_printable_string function to return a longer string than expected
while constructing a prompt.
Updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
92abcd2621d7f9ae84625abda55ac4d0 corporate/3.0/i586/gnupg-1.4.2.2-0.4.C30mdk.i586.rpm ec6725061073900f143df92a6f398f20 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm
Corporate Server 3.0/X86_64
b6d1b7f3f609295724f3fe2372ba6103 corporate/3.0/x86_64/gnupg-1.4.2.2-0.4.C30mdk.x86_64.rpm ec6725061073900f143df92a6f398f20 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm
Multi Network Firewall 2.0
08d7f0201cff5462b8ad7ea010e241b2 mnf/2.0/i586/gnupg-1.4.2.2-0.5.M20mdk.i586.rpm 2c9b6c752e00c97793e7e436c89d2c5a mnf/2.0/SRPMS/gnupg-1.4.2.2-0.5.M20mdk.src.rpm
Mandriva Linux 2006
c3ce4cd92136d7f632c14a6c80938b82 2006.0/i586/gnupg-1.4.2.2-0.4.20060mdk.i586.rpm bfaeaba79a74d3873b598f90e0e801e0 2006.0/i586/gnupg2-1.9.16-4.3.20060mdk.i586.rpm 9ac3ae5eb7475c230c7a7d0937c1c381 2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm c5da4a8a6e5bd9ec333d73180d93d64f 2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
8fcc5fdb170d0b268c13f93aabe0502e 2006.0/x86_64/gnupg-1.4.2.2-0.4.20060mdk.x86_64.rpm b7ef342175e3eaac7fc3794159f2064e 2006.0/x86_64/gnupg2-1.9.16-4.3.20060mdk.x86_64.rpm 9ac3ae5eb7475c230c7a7d0937c1c381 2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm c5da4a8a6e5bd9ec333d73180d93d64f 2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm
Mandriva Linux 2007
d7ddd9237786b5e2d3b0fed45f1a1071 2007.0/i586/gnupg-1.4.5-1.1mdv2007.0.i586.rpm cc2078cc49dc6fb5f11add689684e60a 2007.0/i586/gnupg2-1.9.22-2.1mdv2007.0.i586.rpm a492a12d44d0491f676566959847c4e6 2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm f1816783fde74d0233d44ae64301886c 2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
9ba224c45d13760e8100d88159818da0 2007.0/x86_64/gnupg-1.4.5-1.1mdv2007.0.x86_64.rpm 13a6b47c7f88ffc1614e42a1276b7ac4 2007.0/x86_64/gnupg2-1.9.22-2.1mdv2007.0.x86_64.rpm a492a12d44d0491f676566959847c4e6 2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm f1816783fde74d0233d44ae64301886c 2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm
Corporate Server 4.0
7149e243684d303bd5b2bbda7ee9ffb9 corporate/4.0/i586/gnupg-1.4.2.2-0.4.20060mlcs4.i586.rpm c918da1cadd3c86aca8a6317cd36fc28 corporate/4.0/i586/gnupg2-1.9.16-4.3.20060mlcs4.i586.rpm b94a486c4644fd56ed61602b0ab7fac7 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm eb8b52a35c09081cc9f3f8e70ae67e5f corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
ad3b69e395186d56ec93a2ac21330bc3 corporate/4.0/x86_64/gnupg-1.4.2.2-0.4.20060mlcs4.x86_64.rpm 8c7327c6d4244a7a8ead9d1f5f4f462e corporate/4.0/x86_64/gnupg2-1.9.16-4.3.20060mlcs4.x86_64.rpm b94a486c4644fd56ed61602b0ab7fac7 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm eb8b52a35c09081cc9f3f8e70ae67e5f corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.