|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: [CLSA-2000:334] Conectiva Linux Security Announcement - gnupg
From: secure
CONECTIVA.COM.BRDate: Sat Oct 28 2000 - 12:19:02 CDT
- Next message: proton: "tcsh: unsafe tempfile in << redirects"
- Previous message: PaX: "announcing PaX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : gnupg
SUMMARY : Signature checking bug
DATE : 2000-10-28 15:15:00
ID : CLSA-2000:334
RELEVANT
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1
- ----------------------------------------------------------------------
DESCRIPTION
gnupg up to and including version 1.0.3 has a flaw in the signature
checking code. This code does not work properly when there are
multiple signatures within the file. Gnupg can incorrectly report
some signatures to be valid even if that portion of the file has been
tampered with.
SOLUTION
All gnupg users should upgrade to the latest package.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-1cl.i386.rpm
- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes
- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribepapaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribepapaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5+wqF42jd0JmAcZARAjksAKDacCp1naxQWw2NnBwxnTiwGI2nHwCgzFp6
knJLl6CvybFdZVC+49tswsc=
=FEyi
-----END PGP SIGNATURE-----
- Next message: proton: "tcsh: unsafe tempfile in << redirects"
- Previous message: PaX: "announcing PaX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]