Linux Security

    Debian: New gnupg packages fix arbitrary code execution

    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1231-1                         Moritz Muehlenhoff
    December 9th, 2006            
    - --------------------------------------------------------------------------
    Package        : gnupg
    Vulnerability  : several
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2006-6169 CVE-2006-6235
    Debian Bug     : 401894 401898 401914
    Several remote vulnerabilities have been discovered in the GNU privacy guard,
    a free PGP replacement, which may lead to the execution of arbitrary code.
    The Common Vulnerabilities and Exposures project identifies the following
        Werner Koch discovered that a buffer overflow in a sanitising function
        may lead to execution of arbitrary code when running gnupg
        Tavis Ormandy discovered that parsing a carefully crafted OpenPGP
        packet may lead to the execution of arbitrary code, as a function
        pointer of an internal structure may be controlled through the
        decryption routines.
    For the stable distribution (sarge) these problems have been fixed in
    version 1.4.1-1.sarge6.
    For the upcoming stable distribution (etch) these problems have been
    fixed in version 1.4.6-1.
    For the unstable distribution (sid) these problems have been fixed in
    version 1.4.6-1.
    We recommend that you upgrade your gnupg packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main

