|
|
Family: Debian Local Security Checks --> Category: infos
[DSA1231] DSA-1231-1 gnupg Vulnerability Scan
Vulnerability Scan Summary
DSA-1231-1 gnupg
Detailed Explanation for this Vulnerability Test
Several remote vulnerabilities have been discovered in the GNU privacy guard,
a free PGP replacement, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
problems:
Werner Koch discovered that a buffer overflow in a sanitising function
may lead to execution of arbitrary code when running gnupg
interactively.
Tavis Ormandy discovered that parsing a carefully crafted OpenPGP
packet may lead to the execution of arbitrary code, as a function
pointer of an internal structure may be controlled through the
decryption routines.
For the stable distribution (sarge) these problems have been fixed in
version 1.4.1-1.sarge6.
For the upcoming stable distribution (etch) these problems have been
fixed in version 1.4.6-1.
For the unstable distribution (sid) these problems have been fixed in
version 1.4.6-1.
We recommend that you upgrade your gnupg packages.
Solution : http://www.debian.org/security/2006/dsa-1231
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
