Apple Computer, Inc. Not Affected

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux Affected

Notified:  December 18, 2006 Updated: December 21, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Debian Security Advisory dsa-1231.

EMC, Inc. (formerly Data General Corporation) Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux Affected

Notified:  December 18, 2006 Updated: December 21, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Gentoo Linux Security Advisory GLSA 200612-03.

GnuPG Affected

Notified:  December 07, 2006 Updated: December 07, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The GnuPG development team has published GnuPG version 1.4.6 in response to this issue. Users who compile GnuPG from the original distribution are encouraged to upgrade to this version (or later) or apply the patch to upgrade from 1.4.5 to 1.4.6.

Hewlett-Packard Company Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Affected

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Affected

Vendor Statement

Mandriva has correct this issue with updated packages via advisory MDKSA-2006:228 (http://www.mandriva.com/security/advisories?name=MDKSA-2006:228)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenPKG Affected

Updated:  December 21, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to OpenPKG Security Advisory 2006.037.

Openwall GNU/*/Linux Affected

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Affected

Vendor Statement

We have fixed this GnuPG vulnerability in Openwall GNU/*/Linux current as of 2006/12/06 and in 2.0-stable as of 2006/12/07.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Affected

Updated:  December 07, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has published Red Hat Security Advisory RHSA-2006:0754 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

rPath Affected

Updated:  December 07, 2006

Status

Affected

Vendor Statement

rPath Security Advisory: 2006-0227-1 Published: 2006-12-06 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Indirect Deterministic Privilege Escalation Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1- References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 https://issues.rpath.com/browse/RPL-835 Description: Previous versions of the gnupg package will execute attacker-provided code found in intentionally malformed OpenPGP packets. This allows an attacker to run arbitrary code as the user invoking gpg on the file that contains the malformed packets.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Affected

Updated:  December 21, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Slackware security team has published Slackware Security Advisory SSA:2006-340-01 in response to this issue. Users are encouraged to review this response and apply the patches it refers to.

Sony Corporation Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Not Affected

Notified:  December 18, 2006 Updated: December 21, 2006

Status

Not Affected

Vendor Statement

Sun does not ship GnuPG with Solaris and thus Solaris is not directly impacted by this issue. If a vulnerable version of GnuPG has been built and/or installed on a Solaris system then GnuPG will need to be updated to address this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Affected

Notified:  December 18, 2006 Updated: December 19, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SUSE Security Summary Report SUSE-SR:2006:028.

The SCO Group Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux Affected

Updated:  December 11, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Trustix Secure Linux Security Advisory #2006-0070 for more information.

Turbolinux Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu Affected

Updated:  December 07, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Ubuntu security team has published Ubuntu Security Notice USN-393-1 in response to this issue. Users are encouraged to review this notice and apply the patches it refers to.

Unisys Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  December 18, 2006 Updated: December 18, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 43 vendors View less vendors