Wednesday, December 20, 2006

Debian Security Advisory DSA 1231-1 (gnupg)

Test ID: 57709
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1231-1 (gnupg)
Summary: Debian Security Advisory DSA 1231-1 (gnupg)
Description:
The remote host is missing an update to gnupg
announced via advisory DSA 1231-1.

Several remote vulnerabilities have been discovered in the GNU privacy guard,
a free PGP replacement, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2006-6169

Werner Koch discovered that a buffer overflow in a sanitising function
may lead to execution of arbitrary code when running gnupg
interactively.

CVE-2006-6235

Tavis Ormandy discovered that parsing a carefully crafted OpenPGP
packet may lead to the execution of arbitrary code, as a function
pointer of an internal structure may be controlled through the
decryption routines.

For the stable distribution (sarge) these problems have been fixed in
version 1.4.1-1.sarge6.

For the upcoming stable distribution (etch) these problems have been
fixed in version 1.4.6-1.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.6-1.

We recommend that you upgrade your gnupg packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201231-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6169
Common Vulnerability Exposure (CVE) ID: CVE-2006-6235
