Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: GnuPG 1.4.5 released - remote execution possible - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
GnuPG 1.4.5 released - remote execution possible
A new version of GnuPG has been released addressing memory allocation problems.

From the ChangeLog:
 *    Fixed 2 more possible memory allocation attacks.  They are
similar to the problem we fixed with 1.4.4. This bug can easily
be be exploted for a DoS; remote code execution is not entirely
impossible.
At the time of writing this version was still trickling down to mirrors.
Arrigo

28 Posts

Sign Up for Free or Log In to start participating in the conversation!