|
|
>> Mandriva Security Update Fixes GnuPG OpenPGP Messages Memory Corruption Issue
|
Title : Mandriva Security Update Fixes GnuPG OpenPGP Messages Memory Corruption Issue
VUPEN ID : VUPEN/ADV-2006-4952
CVE ID : CVE-2006-6235
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-12
|
Mandriva has released security updates to address a vulnerability identified in GnuPG. This flaw could be exploited by attackers to cause a denial of service or execute arbitrary commands. For additional information, see : VUPEN/ADV-2006-4881
Affected Products
Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0
Solution
Upgrade the affected packages :
Mandriva Linux 2006.0:
93c4722a375c1f5e6a05a005722c2611 2006.0/i586/gnupg-1.4.2.2-0.5.20060mdk.i586.rpm
fffa84eb381e5c0db87f230b3c833239 2006.0/i586/gnupg2-1.9.16-4.4.20060mdk.i586.rpm
e5ffb4d9fa64ef83afa9ea1faa287926 2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
ca942bbd6fcf9ebe78779737d40f14cd 2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
745e690087b6ccfc1ca328db1e6f4ebb 2006.0/x86_64/gnupg-1.4.2.2-0.5.20060mdk.x86_64.rpm
85cf60ed2063692019776138d718b233 2006.0/x86_64/gnupg2-1.9.16-4.4.20060mdk.x86_64.rpm
e5ffb4d9fa64ef83afa9ea1faa287926 2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
ca942bbd6fcf9ebe78779737d40f14cd 2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm
Mandriva Linux 2007.0:
a517dae5c83be0361406388c75098604 2007.0/i586/gnupg-1.4.5-1.2mdv2007.0.i586.rpm
76a286545f5e3122bb65dc812cb9660a 2007.0/i586/gnupg2-1.9.22-2.2mdv2007.0.i586.rpm
b7c1585093289b0adaaf46939ec9f3f8 2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
4f2757b66ac4762ce46ded5329ec7246 2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
42c3c8f43d6ff4f67f93b5077b47a4ea 2007.0/x86_64/gnupg-1.4.5-1.2mdv2007.0.x86_64.rpm
f9d3ecb8f0eb5b3721d7cd3a7beeff8a 2007.0/x86_64/gnupg2-1.9.22-2.2mdv2007.0.x86_64.rpm
b7c1585093289b0adaaf46939ec9f3f8 2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
4f2757b66ac4762ce46ded5329ec7246 2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm
Corporate 3.0:
7f7a5ddabcea09044efe1a242b4dee91 corporate/3.0/i586/gnupg-1.4.2.2-0.5.C30mdk.i586.rpm
15c09b82c8c273ec04ae71addf06d010 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
0dccce30fd6713dfb228261e10fbb44c corporate/3.0/x86_64/gnupg-1.4.2.2-0.5.C30mdk.x86_64.rpm
15c09b82c8c273ec04ae71addf06d010 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm
Corporate 4.0:
4908cbaf7474c988c82c2362bfacfa18 corporate/4.0/i586/gnupg-1.4.2.2-0.5.20060mlcs4.i586.rpm
af02670a8a6446a77b8f09c807b7b44c corporate/4.0/i586/gnupg2-1.9.16-4.4.20060mlcs4.i586.rpm
6222c167396ffaec6afa98efca483241 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
11bb29f2b1f7788f1b15c1f6e4503863 corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
d5bafd16b9ad141f87e9259ae74e6538 corporate/4.0/x86_64/gnupg-1.4.2.2-0.5.20060mlcs4.x86_64.rpm
576f3921b0f631ede3da9d9efa541182 corporate/4.0/x86_64/gnupg2-1.9.16-4.4.20060mlcs4.x86_64.rpm
6222c167396ffaec6afa98efca483241 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
11bb29f2b1f7788f1b15c1f6e4503863 corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
58618fe995c74d079c66d5f56aeb8418 mnf/2.0/i586/gnupg-1.4.2.2-0.6.M20mdk.i586.rpm
10bf559c56d1ec0863905d65cc81eb02 mnf/2.0/SRPMS/gnupg-1.4.2.2-0.6.M20mdk.src.rpm
References
http://www.vupen.com/english/advisories/2006/4952
http://archives.mandrivalinux.com/security-announce/2006-12/msg00014.php
ChangeLog
2006-12-12 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
