Bug 42674 - gnupg 1.0.6 out, fixing format string exploit
Summary: gnupg 1.0.6 out, fixing format string exploit
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnupg   
(Show other bugs)
Version: 7.1
Hardware: All Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-05-29 13:11 UTC by Chris Ricker
Modified: 2007-03-27 03:44 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-30 13:44:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:073 normal SHIPPED_LIVE : Updated GnuPG packages available 2001-05-30 04:00:00 UTC

Description Chris Ricker 2001-05-29 13:11:13 UTC
Description of Problem:

GPG 1.0.5 and prior versions are vulnerable to format string exploits in
non-batch mode.  1.0.6 fixes this, according to the <A
HREF="http://www.gnupg.org/whatsnew.html#rn20010529">GnuPG web page</A>.

Presumably a more informative announcement from Werner is forthcoming....

Comment 1 Chris Ricker 2001-05-30 01:15:27 UTC
Exploits for this have now been posted to bugtraq

Comment 2 Nalin Dahyabhai 2001-05-30 13:44:05 UTC
An errata packages is being prepped.

Note You need to log in before you can comment on or make changes to this bug.