Red Hat Bugzilla – Bug 218821
CVE-2006-6235: gnupg2 <= 2.0.1 stack overwrite vulnerability
Last modified: 2007-11-30 17:11:51 EST
"A 'stack overwrite' vulnerability in GnuPG (gpg) before 1.2.1 allows attackers
to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to
dereference a function pointer from deallocated stack memory."
FC6+ seem to be taken care of already, FC- not yet.
Right, FC-6+ build pushed yesterday already.
* Wed Dec 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-2
- CVE-2006-6235 (bug #218821)
Older releases don't include the gpg2 (and friends) binaries, so they aren't
(shouldn't!) be affected by this.
Seems so indeed.