Wednesday, June 21, 2006

GnuPG Parse_User_ID Remote Buffer Overflow Vulnerability

Via SecurityFocus -

GnuPG is susceptible to a remote buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue; previous versions may also be affected.





I guess this means we should watch for a new GPG stable release pretty soon. Current stable is 1.4.3.
