This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Comment
Updated cvs packages that fix remote denial of service vulnerabilities are now available. (This is a legacy Red Hat fix, released by the Fedora Project).
An attacker could create a carefully crafted directory on a websitesuch that, if a user connects to that directory using the lftp clientand subsequently issues a ‘ls’ or ‘rels’ command, the attacker couldexecute arbitrary code on the users machine.
Phong Nguyen identified a severe bug in the way GnuPG creates anduses ElGamal keys, when those keys are used both to sign and encryptdata. This vulnerability can be used to trivially recover theprivate key.
XBoard 4.2.6 and older contains a script which writes to a file in /tmp with a predictable filename. Malicious users could use this vulnerability to force XBoard users to overwrite any file writableby them.