ELSA-2010-0603

Published: 04 Aug 2010
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2010-0603: gnupg2 security update (MODERATE)

[2.0.10-3.1]

  • fix use after free when importing certain X509 certificates CVE-2010-2547 (#618156)

Updated packages

Oracle Linux 5

Oracle Linux ia64

gnupg2

2.0.10-3.el5_5.1

Oracle Linux x86_64

gnupg2

2.0.10-3.el5_5.1

Oracle Linux i386

gnupg2

2.0.10-3.el5_5.1

Related CVEs

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 15 years ago

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

redhat
almost 15 years ago

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

CVSS3: 8.1
nvd
almost 15 years ago

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

CVSS3: 8.1
debian
almost 15 years ago

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...

CVSS3: 8.1
github
about 3 years ago

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.