Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2006-0049 (GCVE-0-2006-0049)
Vulnerability from cvelistv5 – Published: 2006-03-13 21:00 – Updated: 2024-08-07 16:18
VLAI
EPSS
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2006-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-0049",
"datePublished": "2006-03-13T21:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2006-0049",
"date": "2026-05-25",
"epss": "0.05236",
"percentile": "0.90072"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E054978B-8466-4D12-B7DC-7E72CC57F0DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38F964B-C5D1-4177-BD31-7AB4083CC431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DF7811A-B254-4829-AED2-C70BD5C82592\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72ED862B-6278-41ED-9619-115E6552AFBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1869E888-E83C-4A62-AA84-F2C9F2AF12FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D51820-D735-44FC-95BB-A473FFDE9D35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5FB2C28-0E4D-4AE3-A2CC-0197FE578074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F2224AF-EA7B-4A3D-8B23-7FC59D66E611\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A2B3B44-941E-4007-B58A-16E85B87CB33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49A642D7-007E-479D-963E-A74AAE195A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86144B81-D321-4ECA-937F-FFA8A043FCE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A93CAE1-0DFC-43E1-997D-22CDC338D3E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9896332E-819B-4392-B704-B143DBBE90A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B641ED5-4326-43E7-BF42-982B44478A05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76CAFD24-E53F-488C-BD9F-BE31D30828AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74589745-A9A6-44DB-B4F0-B61B663ECA21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB2B99CB-5950-42E7-ACD5-38457CBE9095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D81AF47A-56BA-4D90-A4D4-D7A37333A117\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"205C014A-236B-44CF-A92D-B4D6392FF9A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F412ECF0-DA84-47B8-98FD-06019C9E63E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE04D970-A467-4648-B99C-895BA8BEE79B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79DC753-35CB-46FA-BDE4-650BD1730505\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.\"}]",
"id": "CVE-2006-0049",
"lastModified": "2024-11-21T00:05:32.100",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2006-03-13T21:06:00.000",
"references": "[{\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\", \"source\": \"security@debian.org\"}, {\"url\": \"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19173\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19197\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19203\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19231\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19232\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19234\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19244\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19249\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19287\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/19532\", \"source\": \"security@debian.org\"}, {\"url\": \"http://securityreason.com/securityalert/450\", \"source\": \"security@debian.org\"}, {\"url\": \"http://securityreason.com/securityalert/568\", \"source\": \"security@debian.org\"}, {\"url\": \"http://securitytracker.com/id?1015749\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-993\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:055\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.osvdb.org/23790\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0266.html\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/427324/100/0/threaded\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/433931/100/0/threaded\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17058\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.trustix.org/errata/2006/0014\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0915\", \"source\": \"security@debian.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25184\", \"source\": \"security@debian.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063\", \"source\": \"security@debian.org\"}, {\"url\": \"https://usn.ubuntu.com/264-1/\", \"source\": \"security@debian.org\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19234\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19287\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/568\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015749\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/23790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0266.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/427324/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/433931/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.trustix.org/errata/2006/0014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/264-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-0049\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2006-03-13T21:06:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E054978B-8466-4D12-B7DC-7E72CC57F0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38F964B-C5D1-4177-BD31-7AB4083CC431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF7811A-B254-4829-AED2-C70BD5C82592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72ED862B-6278-41ED-9619-115E6552AFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1869E888-E83C-4A62-AA84-F2C9F2AF12FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D51820-D735-44FC-95BB-A473FFDE9D35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5FB2C28-0E4D-4AE3-A2CC-0197FE578074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2224AF-EA7B-4A3D-8B23-7FC59D66E611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2B3B44-941E-4007-B58A-16E85B87CB33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A642D7-007E-479D-963E-A74AAE195A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86144B81-D321-4ECA-937F-FFA8A043FCE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A93CAE1-0DFC-43E1-997D-22CDC338D3E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9896332E-819B-4392-B704-B143DBBE90A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B641ED5-4326-43E7-BF42-982B44478A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76CAFD24-E53F-488C-BD9F-BE31D30828AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74589745-A9A6-44DB-B4F0-B61B663ECA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2B99CB-5950-42E7-ACD5-38457CBE9095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D81AF47A-56BA-4D90-A4D4-D7A37333A117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"205C014A-236B-44CF-A92D-B4D6392FF9A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F412ECF0-DA84-47B8-98FD-06019C9E63E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE04D970-A467-4648-B99C-895BA8BEE79B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79DC753-35CB-46FA-BDE4-650BD1730505\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"security@debian.org\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19173\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19197\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19203\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19231\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19232\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19234\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19244\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19249\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19287\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"security@debian.org\"},{\"url\":\"http://securityreason.com/securityalert/450\",\"source\":\"security@debian.org\"},{\"url\":\"http://securityreason.com/securityalert/568\",\"source\":\"security@debian.org\"},{\"url\":\"http://securitytracker.com/id?1015749\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-993\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:055\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.osvdb.org/23790\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0266.html\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/427324/100/0/threaded\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/433931/100/0/threaded\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/bid/17058\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.trustix.org/errata/2006/0014\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0915\",\"source\":\"security@debian.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25184\",\"source\":\"security@debian.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063\",\"source\":\"security@debian.org\"},{\"url\":\"https://usn.ubuntu.com/264-1/\",\"source\":\"security@debian.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015749\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/23790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0266.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/427324/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/433931/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2006/0014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/264-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2006-AVI-103
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans GnuPG permet à un utilisateur de porter atteinte à l'intégrité des données.
Description
GnuPG présente une erreur dans la mise en œuvre du contrôle de la validité d'une signature accompagnant un document. Elle permet à un utilisateur d'insérer des données arbitraires dans un document signé (typiquement du texte supplémentaire dans un message) sans que GnuPG détecte une erreur d'intégrité.
Solution
La version 1.4.2.2 de GnuPG corrige le problème :
http://www.gnupg.org/download/
GnuPG versions 1.4.2.1 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGnuPG versions 1.4.2.1 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\nGnuPG pr\u00e9sente une erreur dans la mise en \u0153uvre du contr\u00f4le de la\nvalidit\u00e9 d\u0027une signature accompagnant un document. Elle permet \u00e0 un\nutilisateur d\u0027ins\u00e9rer des donn\u00e9es arbitraires dans un document sign\u00e9\n(typiquement du texte suppl\u00e9mentaire dans un message) sans que GnuPG\nd\u00e9tecte une erreur d\u0027int\u00e9grit\u00e9.\n\n## Solution\n\nLa version 1.4.2.2 de GnuPG corrige le probl\u00e8me :\n\n http://www.gnupg.org/download/\n",
"cves": [
{
"name": "CVE-2006-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0049"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour GnuPG du 10 mars 2006 :",
"url": "http://www.vuxml.org/freebsd/pkg-gnupg.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2006:0266 du 15 mars 2006 :",
"url": "https://rhn.redhat.com/errata/RHSA-2006-0266.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 993 du 10 mars 2006 :",
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"title": "Site de GnuPG :",
"url": "http://www.gnupg.org"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200603-08 du 10 mars 2006 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:055 du 13 mars 2006 :",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-264-1 du 13 mars 2006 :",
"url": "http://www.ubuntulinux.org/usn/usn-264-1"
}
],
"reference": "CERTA-2006-AVI-103",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-03-13T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et Mandriva, corrections r\u00e9f\u00e9rences Debian et FreeBSD.",
"revision_date": "2006-03-14T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RedHat.",
"revision_date": "2006-03-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans GnuPG permet \u00e0 un utilisateur de porter atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GnuPG",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GnuPG du 9 mars 2006",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.hmtl"
}
]
}
CERTA-2006-AVI-103
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans GnuPG permet à un utilisateur de porter atteinte à l'intégrité des données.
Description
GnuPG présente une erreur dans la mise en œuvre du contrôle de la validité d'une signature accompagnant un document. Elle permet à un utilisateur d'insérer des données arbitraires dans un document signé (typiquement du texte supplémentaire dans un message) sans que GnuPG détecte une erreur d'intégrité.
Solution
La version 1.4.2.2 de GnuPG corrige le problème :
http://www.gnupg.org/download/
GnuPG versions 1.4.2.1 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGnuPG versions 1.4.2.1 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\nGnuPG pr\u00e9sente une erreur dans la mise en \u0153uvre du contr\u00f4le de la\nvalidit\u00e9 d\u0027une signature accompagnant un document. Elle permet \u00e0 un\nutilisateur d\u0027ins\u00e9rer des donn\u00e9es arbitraires dans un document sign\u00e9\n(typiquement du texte suppl\u00e9mentaire dans un message) sans que GnuPG\nd\u00e9tecte une erreur d\u0027int\u00e9grit\u00e9.\n\n## Solution\n\nLa version 1.4.2.2 de GnuPG corrige le probl\u00e8me :\n\n http://www.gnupg.org/download/\n",
"cves": [
{
"name": "CVE-2006-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0049"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour GnuPG du 10 mars 2006 :",
"url": "http://www.vuxml.org/freebsd/pkg-gnupg.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2006:0266 du 15 mars 2006 :",
"url": "https://rhn.redhat.com/errata/RHSA-2006-0266.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 993 du 10 mars 2006 :",
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"title": "Site de GnuPG :",
"url": "http://www.gnupg.org"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200603-08 du 10 mars 2006 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:055 du 13 mars 2006 :",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-264-1 du 13 mars 2006 :",
"url": "http://www.ubuntulinux.org/usn/usn-264-1"
}
],
"reference": "CERTA-2006-AVI-103",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-03-13T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et Mandriva, corrections r\u00e9f\u00e9rences Debian et FreeBSD.",
"revision_date": "2006-03-14T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RedHat.",
"revision_date": "2006-03-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans GnuPG permet \u00e0 un utilisateur de porter atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GnuPG",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GnuPG du 9 mars 2006",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.hmtl"
}
]
}
FKIE_CVE-2006-0049
Vulnerability from fkie_nvd - Published: 2006-03-13 21:06 - Updated: 2026-04-16 00:27
Severity
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b | |
| gnu | privacy_guard | 1.0.4 | |
| gnu | privacy_guard | 1.0.5 | |
| gnu | privacy_guard | 1.0.6 | |
| gnu | privacy_guard | 1.0.7 | |
| gnu | privacy_guard | 1.2 | |
| gnu | privacy_guard | 1.2.1 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.3 | |
| gnu | privacy_guard | 1.2.4 | |
| gnu | privacy_guard | 1.2.5 | |
| gnu | privacy_guard | 1.2.6 | |
| gnu | privacy_guard | 1.2.7 | |
| gnu | privacy_guard | 1.3.3 | |
| gnu | privacy_guard | 1.3.4 | |
| gnu | privacy_guard | 1.4 | |
| gnu | privacy_guard | 1.4.1 | |
| gnu | privacy_guard | 1.4.2 | |
| gnu | privacy_guard | 1.4.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76CAFD24-E53F-488C-BD9F-BE31D30828AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74589745-A9A6-44DB-B4F0-B61B663ECA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B99CB-5950-42E7-ACD5-38457CBE9095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "205C014A-236B-44CF-A92D-B4D6392FF9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F412ECF0-DA84-47B8-98FD-06019C9E63E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE04D970-A467-4648-B99C-895BA8BEE79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C79DC753-35CB-46FA-BDE4-650BD1730505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"id": "CVE-2006-0049",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-13T21:06:00.000",
"references": [
{
"source": "security@debian.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"source": "security@debian.org",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19173"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19197"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19203"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19231"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19232"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19234"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19244"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19249"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19287"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "security@debian.org",
"url": "http://securityreason.com/securityalert/450"
},
{
"source": "security@debian.org",
"url": "http://securityreason.com/securityalert/568"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/23790"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"source": "security@debian.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "security@debian.org",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"source": "security@debian.org",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"source": "security@debian.org",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/23790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/264-1/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C5P7-4HQ8-GM4C
Vulnerability from github – Published: 2022-05-03 03:15 – Updated: 2022-05-03 03:15
VLAI
Details
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
{
"affected": [],
"aliases": [
"CVE-2006-0049"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-03-13T21:06:00Z",
"severity": "MODERATE"
},
"details": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.",
"id": "GHSA-c5p7-4hq8-gm4c",
"modified": "2022-05-03T03:15:26Z",
"published": "2022-05-03T03:15:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0049"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/264-1"
},
{
"type": "WEB",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"type": "WEB",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19173"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19197"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19203"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19231"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19232"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19234"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19244"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19249"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19287"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19532"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/450"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/568"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1015749"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/23790"
},
{
"type": "WEB",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"type": "WEB",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/0915"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2006-0049
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2006-0049",
"description": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.",
"id": "GSD-2006-0049",
"references": [
"https://www.suse.com/security/cve/CVE-2006-0049.html",
"https://www.debian.org/security/2006/dsa-993",
"https://access.redhat.com/errata/RHSA-2006:0266"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2006-0049"
],
"details": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.",
"id": "GSD-2006-0049",
"modified": "2023-12-13T01:19:50.615625Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "17058",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "23790",
"refsource": "OSVDB",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19173",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"tags": [],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19203",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "19244",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "19231",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "19249",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "19287",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19232",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "19234",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "19532",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "450",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "568",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-19T15:42Z",
"publishedDate": "2006-03-13T21:06Z"
}
}
}
RHSA-2006:0266
Vulnerability from csaf_redhat - Published: 2006-03-15 16:36 - Updated: 2025-11-21 17:30Summary
Red Hat Security Advisory: gnupg security update
Severity
Important
Notes
Topic: An updated GnuPG package that fixes signature verification flaws as well as
minor bugs is now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details: GnuPG is a utility for encrypting data and creating digital signatures.
Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically
signed data with detached signatures. It is possible for an attacker to
construct a cryptographically signed message which could appear to come
from a third party. When a victim processes a GnuPG message with a
malformed detached signature, GnuPG ignores the malformed signature,
processes and outputs the signed data, and exits with status 0, just as it
would if the signature had been valid. In this case, GnuPG's exit status
would not indicate that no signature verification had taken place. This
issue would primarily be of concern when processing GnuPG results via an
automated script. The Common Vulnerabilities and Exposures project assigned
the name CVE-2006-0455 to this issue.
Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is possible for an
attacker to inject unsigned data into a signed message in such a way that
when a victim processes the message to recover the data, the unsigned data
is output along with the signed data, giving the appearance of having been
signed. This issue is mitigated in the GnuPG shipped with Red Hat
Enterprise Linux as the --ignore-crc-error option must be passed to the gpg
executable for this attack to be successful. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0049 to this issue.
Note that neither of these issues affect the way RPM or up2date verify RPM
package files, nor is RPM vulnerable to either of these issues.
All users of GnuPG are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated GnuPG package that fixes signature verification flaws as well as\nminor bugs is now available.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GnuPG is a utility for encrypting data and creating digital signatures.\n\nTavis Ormandy discovered a bug in the way GnuPG verifies cryptographically\nsigned data with detached signatures. It is possible for an attacker to\nconstruct a cryptographically signed message which could appear to come\nfrom a third party. When a victim processes a GnuPG message with a\nmalformed detached signature, GnuPG ignores the malformed signature,\nprocesses and outputs the signed data, and exits with status 0, just as it\nwould if the signature had been valid. In this case, GnuPG\u0027s exit status\nwould not indicate that no signature verification had taken place. This\nissue would primarily be of concern when processing GnuPG results via an\nautomated script. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2006-0455 to this issue.\n\nTavis Ormandy also discovered a bug in the way GnuPG verifies\ncryptographically signed data with inline signatures. It is possible for an\nattacker to inject unsigned data into a signed message in such a way that\nwhen a victim processes the message to recover the data, the unsigned data\nis output along with the signed data, giving the appearance of having been\nsigned. This issue is mitigated in the GnuPG shipped with Red Hat\nEnterprise Linux as the --ignore-crc-error option must be passed to the gpg\nexecutable for this attack to be successful. The Common Vulnerabilities and\nExposures project assigned the name CVE-2006-0049 to this issue.\n\nNote that neither of these issues affect the way RPM or up2date verify RPM\npackage files, nor is RPM vulnerable to either of these issues.\n\nAll users of GnuPG are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0266",
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "167392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=167392"
},
{
"category": "external",
"summary": "179506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=179506"
},
{
"category": "external",
"summary": "183484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=183484"
},
{
"category": "external",
"summary": "184556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=184556"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0266.json"
}
],
"title": "Red Hat Security Advisory: gnupg security update",
"tracking": {
"current_release_date": "2025-11-21T17:30:06+00:00",
"generator": {
"date": "2025-11-21T17:30:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2006:0266",
"initial_release_date": "2006-03-15T16:36:00+00:00",
"revision_history": [
{
"date": "2006-03-15T16:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:30:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product_id": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.ia64",
"product": {
"name": "gnupg-0:1.2.6-3.ia64",
"product_id": "gnupg-0:1.2.6-3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.ia64",
"product": {
"name": "gnupg-0:1.2.1-15.ia64",
"product_id": "gnupg-0:1.2.1-15.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product_id": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product_id": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.x86_64",
"product": {
"name": "gnupg-0:1.2.6-3.x86_64",
"product_id": "gnupg-0:1.2.6-3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.x86_64",
"product": {
"name": "gnupg-0:1.2.1-15.x86_64",
"product_id": "gnupg-0:1.2.1-15.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product_id": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.i386",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386",
"product_id": "gnupg-debuginfo-0:1.2.6-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.i386",
"product": {
"name": "gnupg-0:1.2.6-3.i386",
"product_id": "gnupg-0:1.2.6-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.i386",
"product": {
"name": "gnupg-0:1.2.1-15.i386",
"product_id": "gnupg-0:1.2.1-15.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.i386",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386",
"product_id": "gnupg-debuginfo-0:1.2.1-15.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.src",
"product": {
"name": "gnupg-0:1.2.6-3.src",
"product_id": "gnupg-0:1.2.6-3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=src"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.src",
"product": {
"name": "gnupg-0:1.2.1-15.src",
"product_id": "gnupg-0:1.2.1-15.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product_id": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.ppc",
"product": {
"name": "gnupg-0:1.2.6-3.ppc",
"product_id": "gnupg-0:1.2.6-3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.ppc",
"product": {
"name": "gnupg-0:1.2.1-15.ppc",
"product_id": "gnupg-0:1.2.1-15.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product_id": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product_id": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.s390x",
"product": {
"name": "gnupg-0:1.2.6-3.s390x",
"product_id": "gnupg-0:1.2.6-3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.s390x",
"product": {
"name": "gnupg-0:1.2.1-15.s390x",
"product_id": "gnupg-0:1.2.1-15.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product_id": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.s390",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390",
"product_id": "gnupg-debuginfo-0:1.2.6-3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.s390",
"product": {
"name": "gnupg-0:1.2.6-3.s390",
"product_id": "gnupg-0:1.2.6-3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.s390",
"product": {
"name": "gnupg-0:1.2.1-15.s390",
"product_id": "gnupg-0:1.2.1-15.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.s390",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390",
"product_id": "gnupg-debuginfo-0:1.2.1-15.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-0049",
"discovery_date": "2006-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617870"
}
],
"notes": [
{
"category": "description",
"text": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-0049"
},
{
"category": "external",
"summary": "RHBZ#1617870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617870"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0049"
}
],
"release_date": "2006-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T16:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-0455",
"discovery_date": "2006-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618000"
}
],
"notes": [
{
"category": "description",
"text": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-0455"
},
{
"category": "external",
"summary": "RHBZ#1618000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-0455",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0455"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0455",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0455"
}
],
"release_date": "2006-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T16:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2006_0266
Vulnerability from csaf_redhat - Published: 2006-03-15 16:36 - Updated: 2024-11-22 00:10Summary
Red Hat Security Advisory: gnupg security update
Severity
Important
Notes
Topic: An updated GnuPG package that fixes signature verification flaws as well as
minor bugs is now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details: GnuPG is a utility for encrypting data and creating digital signatures.
Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically
signed data with detached signatures. It is possible for an attacker to
construct a cryptographically signed message which could appear to come
from a third party. When a victim processes a GnuPG message with a
malformed detached signature, GnuPG ignores the malformed signature,
processes and outputs the signed data, and exits with status 0, just as it
would if the signature had been valid. In this case, GnuPG's exit status
would not indicate that no signature verification had taken place. This
issue would primarily be of concern when processing GnuPG results via an
automated script. The Common Vulnerabilities and Exposures project assigned
the name CVE-2006-0455 to this issue.
Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is possible for an
attacker to inject unsigned data into a signed message in such a way that
when a victim processes the message to recover the data, the unsigned data
is output along with the signed data, giving the appearance of having been
signed. This issue is mitigated in the GnuPG shipped with Red Hat
Enterprise Linux as the --ignore-crc-error option must be passed to the gpg
executable for this attack to be successful. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0049 to this issue.
Note that neither of these issues affect the way RPM or up2date verify RPM
package files, nor is RPM vulnerable to either of these issues.
All users of GnuPG are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:gnupg-debuginfo-0:1.2.1-15.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:gnupg-debuginfo-0:1.2.6-3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated GnuPG package that fixes signature verification flaws as well as\nminor bugs is now available.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GnuPG is a utility for encrypting data and creating digital signatures.\n\nTavis Ormandy discovered a bug in the way GnuPG verifies cryptographically\nsigned data with detached signatures. It is possible for an attacker to\nconstruct a cryptographically signed message which could appear to come\nfrom a third party. When a victim processes a GnuPG message with a\nmalformed detached signature, GnuPG ignores the malformed signature,\nprocesses and outputs the signed data, and exits with status 0, just as it\nwould if the signature had been valid. In this case, GnuPG\u0027s exit status\nwould not indicate that no signature verification had taken place. This\nissue would primarily be of concern when processing GnuPG results via an\nautomated script. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2006-0455 to this issue.\n\nTavis Ormandy also discovered a bug in the way GnuPG verifies\ncryptographically signed data with inline signatures. It is possible for an\nattacker to inject unsigned data into a signed message in such a way that\nwhen a victim processes the message to recover the data, the unsigned data\nis output along with the signed data, giving the appearance of having been\nsigned. This issue is mitigated in the GnuPG shipped with Red Hat\nEnterprise Linux as the --ignore-crc-error option must be passed to the gpg\nexecutable for this attack to be successful. The Common Vulnerabilities and\nExposures project assigned the name CVE-2006-0049 to this issue.\n\nNote that neither of these issues affect the way RPM or up2date verify RPM\npackage files, nor is RPM vulnerable to either of these issues.\n\nAll users of GnuPG are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0266",
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "167392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=167392"
},
{
"category": "external",
"summary": "179506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=179506"
},
{
"category": "external",
"summary": "183484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=183484"
},
{
"category": "external",
"summary": "184556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=184556"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0266.json"
}
],
"title": "Red Hat Security Advisory: gnupg security update",
"tracking": {
"current_release_date": "2024-11-22T00:10:54+00:00",
"generator": {
"date": "2024-11-22T00:10:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2006:0266",
"initial_release_date": "2006-03-15T16:36:00+00:00",
"revision_history": [
{
"date": "2006-03-15T16:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:10:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product_id": "gnupg-debuginfo-0:1.2.6-3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.ia64",
"product": {
"name": "gnupg-0:1.2.6-3.ia64",
"product_id": "gnupg-0:1.2.6-3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.ia64",
"product": {
"name": "gnupg-0:1.2.1-15.ia64",
"product_id": "gnupg-0:1.2.1-15.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product_id": "gnupg-debuginfo-0:1.2.1-15.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product_id": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.x86_64",
"product": {
"name": "gnupg-0:1.2.6-3.x86_64",
"product_id": "gnupg-0:1.2.6-3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.x86_64",
"product": {
"name": "gnupg-0:1.2.1-15.x86_64",
"product_id": "gnupg-0:1.2.1-15.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product_id": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.i386",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386",
"product_id": "gnupg-debuginfo-0:1.2.6-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.i386",
"product": {
"name": "gnupg-0:1.2.6-3.i386",
"product_id": "gnupg-0:1.2.6-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.i386",
"product": {
"name": "gnupg-0:1.2.1-15.i386",
"product_id": "gnupg-0:1.2.1-15.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=i386"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.i386",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386",
"product_id": "gnupg-debuginfo-0:1.2.1-15.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.src",
"product": {
"name": "gnupg-0:1.2.6-3.src",
"product_id": "gnupg-0:1.2.6-3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=src"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.src",
"product": {
"name": "gnupg-0:1.2.1-15.src",
"product_id": "gnupg-0:1.2.1-15.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product_id": "gnupg-debuginfo-0:1.2.6-3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.ppc",
"product": {
"name": "gnupg-0:1.2.6-3.ppc",
"product_id": "gnupg-0:1.2.6-3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.ppc",
"product": {
"name": "gnupg-0:1.2.1-15.ppc",
"product_id": "gnupg-0:1.2.1-15.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product_id": "gnupg-debuginfo-0:1.2.1-15.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product_id": "gnupg-debuginfo-0:1.2.6-3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.s390x",
"product": {
"name": "gnupg-0:1.2.6-3.s390x",
"product_id": "gnupg-0:1.2.6-3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.s390x",
"product": {
"name": "gnupg-0:1.2.1-15.s390x",
"product_id": "gnupg-0:1.2.1-15.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product_id": "gnupg-debuginfo-0:1.2.1-15.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.6-3.s390",
"product": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390",
"product_id": "gnupg-debuginfo-0:1.2.6-3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.6-3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.6-3.s390",
"product": {
"name": "gnupg-0:1.2.6-3.s390",
"product_id": "gnupg-0:1.2.6-3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.6-3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-0:1.2.1-15.s390",
"product": {
"name": "gnupg-0:1.2.1-15.s390",
"product_id": "gnupg-0:1.2.1-15.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg@1.2.1-15?arch=s390"
}
}
},
{
"category": "product_version",
"name": "gnupg-debuginfo-0:1.2.1-15.s390",
"product": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390",
"product_id": "gnupg-debuginfo-0:1.2.1-15.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnupg-debuginfo@1.2.1-15?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.i386"
},
"product_reference": "gnupg-0:1.2.1-15.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-0:1.2.1-15.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-0:1.2.1-15.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.s390"
},
"product_reference": "gnupg-0:1.2.1-15.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-0:1.2.1-15.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.src"
},
"product_reference": "gnupg-0:1.2.1-15.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.1-15.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:gnupg-debuginfo-0:1.2.1-15.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.1-15.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.i386"
},
"product_reference": "gnupg-0:1.2.6-3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-0:1.2.6-3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-0:1.2.6-3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.s390"
},
"product_reference": "gnupg-0:1.2.6-3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-0:1.2.6-3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.src"
},
"product_reference": "gnupg-0:1.2.6-3.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.i386"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.ia64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.ppc"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.s390"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.s390x"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnupg-debuginfo-0:1.2.6-3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
},
"product_reference": "gnupg-debuginfo-0:1.2.6-3.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-0049",
"discovery_date": "2006-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617870"
}
],
"notes": [
{
"category": "description",
"text": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-0049"
},
{
"category": "external",
"summary": "RHBZ#1617870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617870"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0049"
}
],
"release_date": "2006-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T16:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-0455",
"discovery_date": "2006-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618000"
}
],
"notes": [
{
"category": "description",
"text": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-0455"
},
{
"category": "external",
"summary": "RHBZ#1618000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-0455",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0455"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0455",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0455"
}
],
"release_date": "2006-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T16:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:gnupg-0:1.2.1-15.i386",
"3AS:gnupg-0:1.2.1-15.ia64",
"3AS:gnupg-0:1.2.1-15.ppc",
"3AS:gnupg-0:1.2.1-15.s390",
"3AS:gnupg-0:1.2.1-15.s390x",
"3AS:gnupg-0:1.2.1-15.src",
"3AS:gnupg-0:1.2.1-15.x86_64",
"3AS:gnupg-debuginfo-0:1.2.1-15.i386",
"3AS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3AS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390",
"3AS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3AS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3Desktop:gnupg-0:1.2.1-15.i386",
"3Desktop:gnupg-0:1.2.1-15.ia64",
"3Desktop:gnupg-0:1.2.1-15.ppc",
"3Desktop:gnupg-0:1.2.1-15.s390",
"3Desktop:gnupg-0:1.2.1-15.s390x",
"3Desktop:gnupg-0:1.2.1-15.src",
"3Desktop:gnupg-0:1.2.1-15.x86_64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.i386",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ia64",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.ppc",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.s390x",
"3Desktop:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3ES:gnupg-0:1.2.1-15.i386",
"3ES:gnupg-0:1.2.1-15.ia64",
"3ES:gnupg-0:1.2.1-15.ppc",
"3ES:gnupg-0:1.2.1-15.s390",
"3ES:gnupg-0:1.2.1-15.s390x",
"3ES:gnupg-0:1.2.1-15.src",
"3ES:gnupg-0:1.2.1-15.x86_64",
"3ES:gnupg-debuginfo-0:1.2.1-15.i386",
"3ES:gnupg-debuginfo-0:1.2.1-15.ia64",
"3ES:gnupg-debuginfo-0:1.2.1-15.ppc",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390",
"3ES:gnupg-debuginfo-0:1.2.1-15.s390x",
"3ES:gnupg-debuginfo-0:1.2.1-15.x86_64",
"3WS:gnupg-0:1.2.1-15.i386",
"3WS:gnupg-0:1.2.1-15.ia64",
"3WS:gnupg-0:1.2.1-15.ppc",
"3WS:gnupg-0:1.2.1-15.s390",
"3WS:gnupg-0:1.2.1-15.s390x",
"3WS:gnupg-0:1.2.1-15.src",
"3WS:gnupg-0:1.2.1-15.x86_64",
"3WS:gnupg-debuginfo-0:1.2.1-15.i386",
"3WS:gnupg-debuginfo-0:1.2.1-15.ia64",
"3WS:gnupg-debuginfo-0:1.2.1-15.ppc",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390",
"3WS:gnupg-debuginfo-0:1.2.1-15.s390x",
"3WS:gnupg-debuginfo-0:1.2.1-15.x86_64",
"4AS:gnupg-0:1.2.6-3.i386",
"4AS:gnupg-0:1.2.6-3.ia64",
"4AS:gnupg-0:1.2.6-3.ppc",
"4AS:gnupg-0:1.2.6-3.s390",
"4AS:gnupg-0:1.2.6-3.s390x",
"4AS:gnupg-0:1.2.6-3.src",
"4AS:gnupg-0:1.2.6-3.x86_64",
"4AS:gnupg-debuginfo-0:1.2.6-3.i386",
"4AS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4AS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390",
"4AS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4AS:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4Desktop:gnupg-0:1.2.6-3.i386",
"4Desktop:gnupg-0:1.2.6-3.ia64",
"4Desktop:gnupg-0:1.2.6-3.ppc",
"4Desktop:gnupg-0:1.2.6-3.s390",
"4Desktop:gnupg-0:1.2.6-3.s390x",
"4Desktop:gnupg-0:1.2.6-3.src",
"4Desktop:gnupg-0:1.2.6-3.x86_64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.i386",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ia64",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.ppc",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.s390x",
"4Desktop:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4ES:gnupg-0:1.2.6-3.i386",
"4ES:gnupg-0:1.2.6-3.ia64",
"4ES:gnupg-0:1.2.6-3.ppc",
"4ES:gnupg-0:1.2.6-3.s390",
"4ES:gnupg-0:1.2.6-3.s390x",
"4ES:gnupg-0:1.2.6-3.src",
"4ES:gnupg-0:1.2.6-3.x86_64",
"4ES:gnupg-debuginfo-0:1.2.6-3.i386",
"4ES:gnupg-debuginfo-0:1.2.6-3.ia64",
"4ES:gnupg-debuginfo-0:1.2.6-3.ppc",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390",
"4ES:gnupg-debuginfo-0:1.2.6-3.s390x",
"4ES:gnupg-debuginfo-0:1.2.6-3.x86_64",
"4WS:gnupg-0:1.2.6-3.i386",
"4WS:gnupg-0:1.2.6-3.ia64",
"4WS:gnupg-0:1.2.6-3.ppc",
"4WS:gnupg-0:1.2.6-3.s390",
"4WS:gnupg-0:1.2.6-3.s390x",
"4WS:gnupg-0:1.2.6-3.src",
"4WS:gnupg-0:1.2.6-3.x86_64",
"4WS:gnupg-debuginfo-0:1.2.6-3.i386",
"4WS:gnupg-debuginfo-0:1.2.6-3.ia64",
"4WS:gnupg-debuginfo-0:1.2.6-3.ppc",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390",
"4WS:gnupg-debuginfo-0:1.2.6-3.s390x",
"4WS:gnupg-debuginfo-0:1.2.6-3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0266"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…