rPSA-2006-0227-1 gnupg
rPath Update Announcements
announce-noreply at rpath.com
Wed Dec 6 16:34:50 EST 2006
rPath Security Advisory: 2006-0227-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect Deterministic Privilege Escalation
Updated Versions:
gnupg=/conary.rpath.com at rpl:devel//1/1.4.6-0.1-
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
https://issues.rpath.com/browse/RPL-835
Description:
Previous versions of the gnupg package will execute attacker-provided
code found in intentionally malformed OpenPGP packets. This allows an
attacker to run arbitrary code as the user invoking gpg on the file
that contains the malformed packets.
More information about the security-announce
mailing list