GLSA Advocate
Posted: Sat Aug 05, 2006 12:26 pm Post subject: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
Gentoo Linux Security Advisory
Title: GnuPG: Integer overflow vulnerability (GLSA 200608-08)
Severity: high
Exploitable: remote
Date: August 05, 2006
Updated: August 08, 2006
Bug(s): #142248
ID: 200608-08
Synopsis
GnuPG is vulnerable to an integer overflow that could lead to the execution of arbitrary code.
Background
The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.
Affected Packages
Package: app-crypt/gnupg
Vulnerable: < 1.4.5
Unaffected: >= 1.4.5
Architectures: All supported architectures
Description
Evgeny Legerov discovered a vulnerability in GnuPG: an integer overflow may occur when certain packets are handled.
Impact
By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG.
Workaround
There is no known workaround at this time.
Resolution
All GnuPG users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"
References
CVE-2006-3746
Last edited by GLSA on Mon Jul 21, 2008 4:18 am; edited 3 times in total
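To confirm after the upgrade that a host no longer runs an affected version, the following added example (not part of the advisory or of Gentoo's tooling) classifies a `gpg --version` banner against the advisory's "Vulnerable: < 1.4.5" range. The function names and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a GnuPG version against the advisory's
# "Vulnerable: < 1.4.5" / "Unaffected: >= 1.4.5" ranges.

FIXED_VERSION="1.4.5"   # from the advisory's Affected Packages section

# Extract the dotted version from the first line of `gpg --version` output,
# e.g. "gpg (GnuPG) 1.4.4" -> "1.4.4". Prints nothing if no version is found.
extract_gpg_version() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*$/\1/p'
}

# version_lt A B: succeed (return 0) if dotted numeric version A < B.
# Missing components count as 0, so "1.4" compares as "1.4.0".
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal
}

# classify_gnupg BANNER: print "vulnerable", "unaffected" or "unknown".
classify_gnupg() {
    v=$(extract_gpg_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then echo vulnerable
    else echo unaffected
    fi
}

# Constructed sample banners (not captured from a real host).
for banner in "gpg (GnuPG) 1.4.4" "gpg (GnuPG) 1.4.5" "gpg (GnuPG) 1.4.10" "not gpg"; do
    printf '%-22s %s\n' "$banner" "$(classify_gnupg "$banner")"
done
# On a live system: classify_gnupg "$(gpg --version)"
```

The comparison is numeric per component, so 1.4.10 is correctly treated as newer than 1.4.5, which a plain string comparison would get wrong.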