Ubuntu Security Notice USN-393-2
7th December, 2006
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.10
USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
provides the corresponding updates for gnupg2.
Original advisory details:
A buffer overflow was discovered in GnuPG. By tricking a user into
running gpg interactively on a specially crafted message, an attacker
could execute arbitrary code with the user's privileges. This
vulnerability is not exposed when running gpg in batch mode.
Tavis Ormandy discovered that gnupg was incorrectly using the stack.
If a user were tricked into processing a specially crafted message, an
attacker could execute arbitrary code with the user's privileges.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.10:
- gnupg2 1.9.21-0ubuntu5.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the