To: [email protected]Subject: [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability
Date: Mon, 14 Aug 2006 15:42:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1GCkC8-0001NS-Jt@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gnupg
Date : August 14, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
An integer overflow vulnerability was discovered in gnupg where an
attacker could create a carefully-crafted message packet with a large
length that could cause gnupg to crash or possibly overwrite memory
when opened.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
dad4f89b0659db5ce5f0ea5346937f84 2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.i586.rpm
235e259f35fc3e064da19eeafb1928bb 2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.i586.rpm
4868f4809119c3eb251c750082eafb0c 2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
e200d2b1d9fd36bf87a2a115921671e1 2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
72633103b324b4a6304849b9adde6dee x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.3.20060mdk.x86_64.rpm
1080c501a35fb063e45fffca91d1c577 x86_64/2006.0/RPMS/gnupg2-1.9.16-4.2.20060mdk.x86_64.rpm
4868f4809119c3eb251c750082eafb0c x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.3.20060mdk.src.rpm
e200d2b1d9fd36bf87a2a115921671e1 x86_64/2006.0/SRPMS/gnupg2-1.9.16-4.2.20060mdk.src.rpm
Corporate 3.0:
48a68f90d599061b4605580c6dfb87c5 corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.i586.rpm
4948bb972e446f136d8f0c81045a68d6 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
ca85cec5ae88d2a6aa0216aed0f38ffd x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.3.C30mdk.x86_64.rpm
4948bb972e446f136d8f0c81045a68d6 x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.3.C30mdk.src.rpm
Multi Network Firewall 2.0:
0d17b96d0b992d95a74c9a215088425b mnf/2.0/RPMS/gnupg-1.4.2.2-0.4.M20mdk.i586.rpm
6f752ebe3c8094f11f6bf2d3b7f3cb2e mnf/2.0/SRPMS/gnupg-1.4.2.2-0.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE4MFVmqjQ0CJFipgRAmyEAJ0aTvIeW+OJxKW/q/cWKxThqTy86QCfSs0U
DEbL1baQptTF7BJh164sn/Y=
=GPyb
-----END PGP SIGNATURE-----