SHARE

Conectiva Linux Security Announcement – gnupg

Written By

Web Webster

Oct 30, 2000

Date: Sat, 28 Oct 2000 15:19:02 -0200
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [CLSA-2000:334] Conectiva Linux Security Announcement –
gnupg

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE   : gnupg
SUMMARY   : Signature checking bug
DATE      : 2000-10-28 15:15:00
ID        : CLSA-2000:334
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1

DESCRIPTION
gnupg up to and including version 1.0.3 has a flaw in the signature
checking code. This code does not work properly when there are
multiple signatures within the file. Gnupg can incorrectly report
some signatures to be valid even if that portion of the file has
been tampered with.

SOLUTION
All gnupg users should upgrade to the latest package.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-1cl.i386.rpm

All packages are signed with Conectiva’s GPG key. The key can be
obtained at
http://www.conectiva.com.br/contato

All our advisories and generic update instructions can be viewed
at
http://www.conectiva.com.br/suporte/atualizacoes

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Conectiva Linux Security Announcement – gnupg

Web Webster

Company

Categories