OpenPKG Security Advisory
OpenPKG-SA-2006.010
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.010 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.010 Advisory Published: 2008-10-06 16:20 UTC Issue Id (internal): OpenPKG-SI-20060626.01 Issue First Created: 2006-06-26 Issue Last Modified: 2006-12-07 Issue Revision: 07
Subject Name: GNUPG Subject Summary: GNU Privacy Guard Subject Home: http://www.gnupg.org/ Subject Versions: * <= 1.4.3 Vulnerability Id: CVE-2006-3082 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service Description: According to a vendor security release note [0], a memory allocation attack possibility exists in the GnuPG [1] cryptography tool, version 1.4.3 and earlier. The problem allows remote attackers to cause a Denial of Service (DoS) (GnuPG crashes) and possibly overwrite memory via a message packet with a large length, which could lead to an integer overflow, as demonstrated using the "--no-armor" option. References: [0] http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html [1] http://www.gnupg.org/
Primary Package Name: gnupg Primary Package Home: http://openpkg.org/go/package/gnupg Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.5-SOLID gnupg-1.4.2-2.5.1 OpenPKG Community 2-STABLE-20060622 gnupg-1.4.4-2.20060622 OpenPKG Community CURRENT gnupg-1.4.3-20060403 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.5-SOLID gnupg-1.4.2-2.5.2 OpenPKG Community 2-STABLE-20060622 gnupg-1.4.4-2.20060622 OpenPKG Community CURRENT gnupg-1.4.4-20060625
