CVE-2006-6169

Publication date 29 November 2006

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| gnupg | 9.10 karmic | Fixed 1.4.6-1ubuntu2 |
| gnupg | 9.04 jaunty | Fixed 1.4.6-1ubuntu2 |
| gnupg | 8.10 intrepid | Fixed 1.4.6-1ubuntu2 |
| gnupg | 8.04 LTS hardy | Fixed 1.4.6-1ubuntu2 |
| gnupg | 7.10 gutsy | Fixed 1.4.6-1ubuntu2 |
| gnupg | 7.04 feisty | Fixed 1.4.6-1ubuntu2 |
| gnupg | 6.10 edgy | Fixed 1.4.3-2ubuntu3.3 |
| gnupg | 6.06 LTS dapper | Fixed 1.4.2.2-1ubuntu2.5 |
| gnupg2 | 9.10 karmic | Not affected |
| gnupg2 | 9.04 jaunty | Not affected |
| gnupg2 | 8.10 intrepid | Not affected |
| gnupg2 | 8.04 LTS hardy | Not affected |
| gnupg2 | 7.10 gutsy | Not affected |
| gnupg2 | 7.04 feisty | Fixed 2.0.3-1ubuntu1 |
| gnupg2 | 6.10 edgy | Fixed 1.9.21-0ubuntu5.3 |
| gnupg2 | 6.06 LTS dapper | Ignored (end of life) |

References

Related Ubuntu Security Notices (USN)

    • USN-393-2: GnuPG2 vulnerabilities (7 December 2006)

Other references