| |||||||||||||||||||
Pardus alert 2010-105 (gnupg)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-105 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-08-11 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in GnuPG, which can be exploited by malicious people to potentially compromise a user's system. Description =========== CVE-2010-2547: Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Affected packages: Pardus 2009: gnupg, all before 2.0.11-27-5 Resolution ========== There are update(s) for gnupg. You can update them via Package Manager or with a single command from console: pisi up gnupg References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=13906 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||