gnupg: remote denial of service

Package(s): gnupg
CVE #(s): CVE-2006-3082
Created: June 21, 2006
Updated: July 28, 2006
Description: A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length.
Alerts:
SuSE SUSE-SR:2006:018 2006-07-28
Debian DSA-1115-1 2006-07-21
Debian DSA-1107-1 2006-07-10
Fedora FEDORA-2006-757 2006-06-30
Fedora FEDORA-2006-755 2006-06-30
SuSE SUSE-SR:2006:015 2006-06-30
rPath rPSA-2006-0120-1 2006-06-29
Slackware SSA:2006-178-02 2006-06-28
Ubuntu USN-304-1 2006-06-26
OpenPKG OpenPKG-SA-2006.010 2006-06-26
Mandriva MDKSA-2006:110 2006-06-20

gnupg: remote denial of service

Posted Jun 25, 2006 14:37 UTC (Sun) by dd9jn (subscriber, #4459) [Link]

I have just released GnuPG 1.4.4 to fix this problem.

Note that the gpg part of gnupg 1.9.20 is not built by default and it clearly states that it is work in progress and not to be used. With the latest release (1.9.21), it even terminates itself immediately, showing a message that GnuPG 1.4.x should be used for OpenPGP. Thus there will be no bug fix release for that version.