Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

gnupg: code execution

Package(s):

gnupg2

CVE #(s):

CVE-2010-2547

Created:

July 28, 2010

Updated:

October 24, 2011

Description:

GnuPG 2 suffers from a use-after-free vulnerability which could possibly be exploited (via a signature or certificate) to execute arbitrary code.

Alerts:

Gentoo	201110-15	2011-10-22
MeeGo	MeeGo-SA-10:30	2010-10-09
SUSE	SUSE-SR:2010:020	2010-11-03
Slackware	SSA:2010-240-01	2010-08-30
Fedora	FEDORA-2010-11382	2010-07-27
SUSE	SUSE-SR:2010:015	2010-08-17
Pardus	2010-105	2010-08-11
Ubuntu	USN-970-1	2010-08-11
CentOS	CESA-2010:0603	2010-08-06
openSUSE	openSUSE-SU-2010:0479-1	2010-08-06
Red Hat	RHSA-2010:0603-01	2010-08-04
Fedora	FEDORA-2010-11413	2010-07-27
Mandriva	MDVSA-2010:143	2010-07-28
Debian	DSA-2076-1	2010-07-27

(Log in to post comments)

gnupg: code execution

Posted Jul 29, 2010 15:50 UTC (Thu) by dd9jn (subscriber, #4459) [Link]

See http://lists.gnupg.org/pipermail/gnupg-users/2010-July/03... for info on why I now think it is not possible to expolit this bug.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds