Support / Security / Advisories / Multi Network Firewall 2.0 / MDKSA-2006:228

Package name: gnupg
Date: 2006-12-11
Advisory ID: MDKSA-2006:228
Affected versions: CS4.0 x86_64 , MNF2.0 i586 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
execute arbitrary code via crafted OpenPGP packets that cause GnuPG to
dereference a function pointer from deallocated stack memory.

Updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 d5bafd16b9ad141f87e9259ae74e6538  corporate/4.0/x86_64/gnupg-1.4.2.2-0.5.20060mlcs4.x86_64.rpm
 576f3921b0f631ede3da9d9efa541182  corporate/4.0/x86_64/gnupg2-1.9.16-4.4.20060mlcs4.x86_64.rpm 
 6222c167396ffaec6afa98efca483241  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
 11bb29f2b1f7788f1b15c1f6e4503863  corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

MNF2.0 i586

 58618fe995c74d079c66d5f56aeb8418  mnf/2.0/i586/gnupg-1.4.2.2-0.6.M20mdk.i586.rpm 
 10bf559c56d1ec0863905d65cc81eb02  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.6.M20mdk.src.rpm

2006.0 i586

 93c4722a375c1f5e6a05a005722c2611  2006.0/i586/gnupg-1.4.2.2-0.5.20060mdk.i586.rpm
 fffa84eb381e5c0db87f230b3c833239  2006.0/i586/gnupg2-1.9.16-4.4.20060mdk.i586.rpm 
 e5ffb4d9fa64ef83afa9ea1faa287926  2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
 ca942bbd6fcf9ebe78779737d40f14cd  2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

2007.0 x86_64

 42c3c8f43d6ff4f67f93b5077b47a4ea  2007.0/x86_64/gnupg-1.4.5-1.2mdv2007.0.x86_64.rpm
 f9d3ecb8f0eb5b3721d7cd3a7beeff8a  2007.0/x86_64/gnupg2-1.9.22-2.2mdv2007.0.x86_64.rpm 
 b7c1585093289b0adaaf46939ec9f3f8  2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
 4f2757b66ac4762ce46ded5329ec7246  2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

2007.0 i586

 a517dae5c83be0361406388c75098604  2007.0/i586/gnupg-1.4.5-1.2mdv2007.0.i586.rpm
 76a286545f5e3122bb65dc812cb9660a  2007.0/i586/gnupg2-1.9.22-2.2mdv2007.0.i586.rpm 
 b7c1585093289b0adaaf46939ec9f3f8  2007.0/SRPMS/gnupg-1.4.5-1.2mdv2007.0.src.rpm
 4f2757b66ac4762ce46ded5329ec7246  2007.0/SRPMS/gnupg2-1.9.22-2.2mdv2007.0.src.rpm

CS3.0 x86_64

 0dccce30fd6713dfb228261e10fbb44c  corporate/3.0/x86_64/gnupg-1.4.2.2-0.5.C30mdk.x86_64.rpm 
 15c09b82c8c273ec04ae71addf06d010  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

CS4.0 i586

 4908cbaf7474c988c82c2362bfacfa18  corporate/4.0/i586/gnupg-1.4.2.2-0.5.20060mlcs4.i586.rpm
 af02670a8a6446a77b8f09c807b7b44c  corporate/4.0/i586/gnupg2-1.9.16-4.4.20060mlcs4.i586.rpm 
 6222c167396ffaec6afa98efca483241  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.5.20060mlcs4.src.rpm
 11bb29f2b1f7788f1b15c1f6e4503863  corporate/4.0/SRPMS/gnupg2-1.9.16-4.4.20060mlcs4.src.rpm

CS3.0 i586

 7f7a5ddabcea09044efe1a242b4dee91  corporate/3.0/i586/gnupg-1.4.2.2-0.5.C30mdk.i586.rpm 
 15c09b82c8c273ec04ae71addf06d010  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.5.C30mdk.src.rpm

2006.0 x86_64

 745e690087b6ccfc1ca328db1e6f4ebb  2006.0/x86_64/gnupg-1.4.2.2-0.5.20060mdk.x86_64.rpm
 85cf60ed2063692019776138d718b233  2006.0/x86_64/gnupg2-1.9.16-4.4.20060mdk.x86_64.rpm 
 e5ffb4d9fa64ef83afa9ea1faa287926  2006.0/SRPMS/gnupg-1.4.2.2-0.5.20060mdk.src.rpm
 ca942bbd6fcf9ebe78779737d40f14cd  2006.0/SRPMS/gnupg2-1.9.16-4.4.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235