CVE-2006-6235

NameCVE-2006-6235
DescriptionA "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1231-1
NVD severityhigh (attack range: remote)
Debian Bugs401894, 401895, 401898, 401913, 401914
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnupg (PTS)squeeze (security), squeeze1.4.10-4+squeeze4fixed
squeeze (lts)1.4.10-4+squeeze7fixed
wheezy1.4.12-7+deb7u6fixed
wheezy (security)1.4.12-7+deb7u7fixed
jessie, sid1.4.18-7fixed
gnupg2 (PTS)squeeze (security), squeeze2.0.14-2+squeeze2fixed
squeeze (lts)2.0.14-2+squeeze3fixed
wheezy, wheezy (security)2.0.19-2+deb7u2fixed
jessie, sid2.0.26-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnupgsource(unstable)1.4.6-1high401894, 401898, 401914
gnupgsourcesarge1.4.1-1.sarge6highDSA-1231-1
gnupg2source(unstable)2.0.0-5.2high401895, 401913

Search for package or bug name: Reporting problems