Red Hat Bugzilla – Bug 201283
GnuPG 1.4.5 fixes a flaw in the handling of certain packets
Last modified: 2007-04-18 13:46:54 EDT
From the release notes of GnuPG 1.4.5: "Fixed 2 more possible memory allocation
attacks. They are similar to the problem we fixed with 1.4.4. This bug can
easily be exploited for a DoS; remote code execution is not entirely
Probably not only FC2 is affected, but I can only choose one specific FC
version when reporting a bug.
06.30.21 CVE: Not Available
Platform: Cross Platform
Title: GnuPG Parse_Comment Remote Buffer Overflow
Description: GNU Privacy Guard (GnuPG) is an encryption application.
It is affected by a remote buffer overflow issue due to insufficient
sanitization of the "parse_comment()" function in the "parse-packet.c"
source file. GnuPG version 1.4.4 is affected.
rhl7.3 is vulnerable:
perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Segmentation fault caught ... exiting
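An added example, not part of the bug report and not GnuPG's code: the six bytes in the command above decode as an OpenPGP new-format packet header whose five-octet length field declares a body of 0xFFFFFFFE bytes, and the sketch below shows a reader that rejects such a length before doing any allocation arithmetic. The names parse_new_header, read_comment and struct comment are hypothetical, and the 64 KiB cap is an assumed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_COMMENT_LEN 65536u /* assumed cap, not taken from the page */
struct comment { size_t len; unsigned char data[]; }; /* hypothetical type */
/* The six bytes piped to gpg in the report above. */
static const unsigned char REPORTED[6] = {0xfd, 0xff, 0xff, 0xff, 0xff, 0xfe};

/* Decode an OpenPGP new-format packet header (RFC 4880, section 4.2).
 * Returns the header size in bytes, or 0 if malformed or unsupported. */
static size_t parse_new_header(const unsigned char *p, size_t n,
                               unsigned *tag, uint32_t *len)
{
    if (n < 2 || (p[0] & 0xC0) != 0xC0)
        return 0;
    *tag = p[0] & 0x3F;
    if (p[1] < 192) { *len = p[1]; return 2; }   /* one-octet length */
    if (p[1] < 224) {                            /* two-octet length */
        if (n < 3) return 0;
        *len = ((uint32_t)(p[1] - 192) << 8) + p[2] + 192;
        return 3;
    }
    if (p[1] != 255 || n < 6)                    /* partial lengths not handled */
        return 0;
    *len = ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16) |
           ((uint32_t)p[4] << 8) | p[5];
    return 6;
}

/* Copy a packet body only when the declared length is under the cap and
 * the bytes are really present; the check precedes any size arithmetic. */
static struct comment *read_comment(const unsigned char *buf, size_t n)
{
    unsigned tag; uint32_t len;
    size_t hdr = parse_new_header(buf, n, &tag, &len);
    if (hdr == 0 || len > MAX_COMMENT_LEN || len > n - hdr)
        return NULL;
    struct comment *c = malloc(sizeof *c + len);
    if (c == NULL) return NULL;
    c->len = len;
    memcpy(c->data, buf + hdr, len);
    return c;
}

int main(void)
{
    struct comment *c = read_comment(REPORTED, sizeof REPORTED);
    puts(c ? "accepted" : "rejected"); free(c); return 0;
}
```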
Fedora Core 2 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.