Mandrake Linux Advisory: gnupgMay 23, 2003, 00:54 (0 Talkback[s])
Mandrake Linux Security Update Advisory
A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.
Patches have been applied for version 1.0.7 and all users are encouraged to upgrade.
Corporate Server 2.1:
Mandrake Linux 8.2:
Mandrake Linux 8.2/PPC:
Mandrake Linux 9.0:
Mandrake Linux 9.1:
Mandrake Linux 9.1/PPC:
Multi Network Firewall 8.2:
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig <filename>
All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from:
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrake Linux at:
MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:
If you want to report vulnerabilities, please contact