ðòïåëôù
áòèé÷
Security-alerts @yandex-team.ru
óôáôøé
ðåòóïîáìøîïå
ðòïçòáííù
ðéûéôåðéóøíá
> > ---------------------------------------------------------------------- > > TITLE: > GnuPG OpenPGP Message Decryption Vulnerability > > SECUNIA ADVISORY ID: > SA23245 > > VERIFY ADVISORY: > http://secunia.com/advisories/23245/ > > CRITICAL: > Highly critical > > IMPACT: > System access > > WHERE: > From remote > > SOFTWARE: > GnuPG / gpg 2.x > http://secunia.com/product/12760/ > GnuPG / gpg 1.4.x > http://secunia.com/product/8087/ > GnuPG / gpg 1.0.x > http://secunia.com/product/2573/ > GnuPG / gpg 1.2.x > http://secunia.com/product/309/ > GnuPG / gpg 1.3.x > http://secunia.com/product/2591/ > > DESCRIPTION: > Tavis Ormandy has reported a vulnerability in GnuPG, which can be > exploited by malicious people to compromise a vulnerable system. > > The vulnerability is caused due to an error within the decryption of > malformed OpenPGP messages. This can be exploited to corrupt memory > when decrypting a specially crafted OpenPGP message. > > Successful exploitation allows execution of arbitrary code. > > The vulnerability is reported in versions prior to 1.4.6 and 2.0.2. > > SOLUTION: > Update to a fixed version or apply patch. > > GnuPG 1.4: > Update to version 1.4.6 or apply patch. > > GnuPG 2.0: > Apply patch. > > PROVIDED AND/OR DISCOVERED BY: > Tavis Ormandy > > ORIGINAL ADVISORY: > http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html >
Copyright © Lexa Software, 1996-2009.