gnupg 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1166490468
업데이트 : 2006.12.19
상세내용
. CVE-2006-6169
Heap-based buffer overflow in the ask_outfile_name function in
openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively,
might allow attackers to execute arbitrary code via messages with
"C-escape" expansions, which cause the make_printable_string function
to return a longer string than expected while constructing a prompt.
. CVE-2006-6235
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6,
2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute
arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference
a function pointer from deallocated stack memory.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. gnupg-1.2.6-8.i686.rpm
SRPMS :
. gnupg-1.2.6-8.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
|