Text from Security Focus: http://www.securityfocus.com/bid/19110/

GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.

The following Perl command demonstrates this issue by crashing the affected application:

    perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| /var/gnupg/bin/gpg --no-armor

http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html
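Added example, not part of the original report and not GnuPG's code: a parser for RFC 4880 new-format packet headers that validates the declared body length before anything is sized or copied from it. Run over the six bytes quoted above, it decodes tag 61 with a five-octet length of 0xfffffffe and rejects the packet. The function name, result codes and the 1 MiB cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (illustrative names, not GnuPG's). */
enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_UNSUPPORTED = -2, HDR_TOO_LONG = -3 };
#define MAX_BODY (1u << 20)   /* assumed policy cap on a packet body */

struct pkt_hdr { unsigned tag; uint32_t body_len; size_t hdr_len; };

/* Parse a new-format OpenPGP packet header from buf[0..n) and refuse any
 * declared body length above the cap or beyond the bytes actually present. */
int parse_new_header(const unsigned char *buf, size_t n, struct pkt_hdr *h)
{
    if (n < 2) return HDR_TRUNCATED;
    if ((buf[0] & 0xC0) != 0xC0) return HDR_UNSUPPORTED;  /* not new format */
    h->tag = buf[0] & 0x3F;
    unsigned c = buf[1];
    if (c < 192) {                       /* one-octet length */
        h->body_len = c;
        h->hdr_len = 2;
    } else if (c < 224) {                /* two-octet length */
        if (n < 3) return HDR_TRUNCATED;
        h->body_len = ((uint32_t)(c - 192) << 8) + buf[2] + 192;
        h->hdr_len = 3;
    } else if (c == 255) {               /* five-octet length */
        if (n < 6) return HDR_TRUNCATED;
        h->body_len = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16)
                    | ((uint32_t)buf[4] << 8) | buf[5];
        h->hdr_len = 6;
    } else {
        return HDR_UNSUPPORTED;          /* partial body lengths not handled */
    }
    if (h->body_len > MAX_BODY) return HDR_TOO_LONG;
    if (h->body_len > n - h->hdr_len) return HDR_TRUNCATED;
    return HDR_OK;
}

int main(void)
{
    /* The six bytes from the report's Perl command. */
    const unsigned char sample[] = { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xfe };
    struct pkt_hdr h = { 0, 0, 0 };
    int rc = parse_new_header(sample, sizeof sample, &h);
    printf("rc=%d tag=%u declared_len=0x%08x\n", rc, h.tag, (unsigned)h.body_len);
    return 0;
}
```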
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0615.html