Debian GNU/Linux Advisory: gnupg | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

Debian GNU/Linux Advisory: gnupg

Written By
Web Webster
Web Webster
Feb 15, 2004

Debian Security Advisory DSA 429-2 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
February 13th, 2004 http://www.debian.org/security/faq

Package : gnupg
Vulnerability : cryptographic weakness
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2003-0971

Phong Nguyen identified a severe bug in the way GnuPG creates
and uses ElGamal keys for signing. This is a significant security
failure which can lead to a compromise of almost all ElGamal keys
used for signing.

The update provided in DSA 459-1 disables the use of this type
of key, using an interim fix. This update, DSA 459-2, implements a
more correct and permanent fix provided by David Shaw.

For the current stable distribution (woody) this problem has
been fixed in version 1.0.6-4woody3.

We recommend that you update your gnupg package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3.dsc

Size/MD5 checksum: 577 f5a742233c584754c479daf7dfe58a9e

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3.diff.gz

Size/MD5 checksum: 5262 1ecf9f459e0b05c31128adac05ef2fe4

http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz

Size/MD5 checksum: 1941676 7c319a9e5e70ad9bc3bf0d7b5008a508

Alpha architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_alpha.deb

Size/MD5 checksum: 1150082 724d4fcb6f2ff0969b5ceba82e8aabe5

ARM architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_arm.deb

Size/MD5 checksum: 986748 8efdbc409f140c1aaefadb97646944d6

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_i386.deb

Size/MD5 checksum: 966408 50e5e44b2efa34d7c7d3a8fd630dc96a

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_ia64.deb

Size/MD5 checksum: 1271406 4c5e77defc13bf4bae3d11431257e6a3

HP Precision architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_hppa.deb

Size/MD5 checksum: 1058822 02516b6984cf695ef31c970980d36864

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_m68k.deb

Size/MD5 checksum: 942188 ed7d9d16820608b3172be64f6b470b97

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_mips.deb

Size/MD5 checksum: 1035630 9b25dd3f06580549bfa93ee429605d0e

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_mipsel.deb

Size/MD5 checksum: 1035864 740243a767cc1ff53f116d0e97aa66a7

PowerPC architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_powerpc.deb

Size/MD5 checksum: 1009152 678b2fc28d01eac452d96f925d2d40b2

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_s390.deb

Size/MD5 checksum: 1001666 c5a70add4dfa1cb3828d9892513d3c15

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody3_sparc.deb

Size/MD5 checksum: 1003634 32490333505f1804e9fcf4a786fbc293

These files will probably be moved into the stable distribution
on its next revision.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main

Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show ‘ and http://packages.debian.org/
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information