Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Trustix Security Advisory - gnupg, ftpd-BSD

Dec 20, 2000, 22:38 (0 Talkback[s])

Date: Wed, 20 Dec 2000 14:53:45 +0100
From: Trustix Secure Linux Team tsl@TRUSTIX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Trustix Security Advisory - gnupg, ftpd-BSD

Hi

Today we updated gnupg and ftpd-BSD. All versions of Trustix Secure Linux are affected.

gnupg:
This update stops gnupg from importing private keys unless this has been explicitly enabled, as this will corrupt the users web of trust. It also clears up the problem with gnupg ignoring detached signatures if the file being checked contains clearsigned data.

ftpd-BSD:
This contains a revised version of the replydirname() patch, as the first version we released contained a typo making the ftpd behave erratically. Thanks to Janåke Rönnblom for pointing this out.

MD5sums:
For version 1.2:
0f8d2d383aa63a187611f24610f6737b  RPMS/gnupg-1.0.4-4tr.i586.rpm
d20c0dd62b2562ab6b95c7f3bf06f7aa  SRPMS/gnupg-1.0.4-4tr.src.rpm
f3c02c5cddde1fbf5c9abb5238b15d5e  RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
33c71e68126a9b0aa0a333fa76d1e30c  SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm

For version 1.1 and 1.0x:
4f8e7a238f268eb36ef535f7280b49bb  RPMS/gnupg-1.0.4-4tr.i586.rpm
cda6ef46d7a7a54d301ebbeb47abef95  SRPMS/gnupg-1.0.4-4tr.src.rpm
55123bc226b8a22ebae6c82782c5a2cb  RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
c8df7b5a9e6326dbc85853f80f3cf172  SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm
Get the updates here:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/

Users of 1.0x should as always use the update for 1.1.

Questions? Problems? Try our mailinglists: <URL:http://www.trustix.net/support/>

--
Trustix Security Maintainance Agency