Wednesday, December 20, 2006

Trustix Security Advisory TSLSA-2006-0070 (gnupg, proftpd)

Test ID: 57713
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2006-0070 (gnupg, proftpd)
Summary: Trustix Security Advisory TSLSA-2006-0070 (gnupg, proftpd)
Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0070.

gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy has reported a vulnerability in GnuPG
caused by an error in the decryption of malformed OpenPGP
messages. This can be exploited to corrupt memory when decrypting
a specially crafted OpenPGP message.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-6235 to this issue.

proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: Stack-based buffer overflow in the sreplace function
allows remote attackers to cause a denial of service, as
demonstrated by vd_proftpd.pm, a ProFTPD remote exploit.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-5815 to this issue.
- NOTE: In November 2006, the role of CommandBufferSize was originally
associated with CVE-2006-5815, but this was an error stemming from
an initial vague disclosure. Correct CVE: CVE-2006-6171.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0070

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6235
Common Vulnerability Exposure (CVE) ID: CVE-2006-5815
Common Vulnerability Exposure (CVE) ID: CVE-2006-6171
