Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-332-1)
Medium Nessus Plugin ID 27911
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionEvgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick an user into processing a malicious encrypted/signed document with gnupg.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected gnupg package.