GnuPG security fix 1.0.6 | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

GnuPG security fix 1.0.6

Written By
Web Webster
Web Webster
Jun 1, 2001 
From: Werner Koch <wk@gnupg.org>
Subject: GnuPG security fix 1.0.6
Date: Fri, 1 Jun 2001 14:40:58 +0200

Hi,

I have recently released a new version of GnuPG which fixes an
exploit found by fish stiqz as well as some other bugs:

    * Security fix for a format string bug in the tty code.

    * Fixed format string bugs in all PO files.

    * Removed Russian translation due to too many bugs.  The FTP
      server has an unofficial but better translation in the contrib
      directory.

    * Fixed expire time calculation and keyserver access.

    * The usual set of minor bug fixes and enhancements.

Although the posted exploit code can only be used with a special
knowledge of the target machine, I STRONGLY ADVISE UPDATING GnuPG to
this new version.

This new release should be avalable at all mirror sites (see
http://www.gnupg.org/mirrors.html and below) and at the primary location:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz  (1896k)
 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz.sig

or as a patch file:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5-1.0.6.diff.gz (217k)

MD5 checksums are:

   7c319a9e5e70ad9bc3bf0d7b5008a508  gnupg-1.0.6.tar.gz/
   71ae7d725776688c2e095d9672f38e61  gnupg-1.0.5-1.0.6.diff.gz/

A binary distribution for MS Windows systems is available at:

  ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip
  ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip


After releasing this version it turned out that there is a small
glitch in the source when a compiler other than GCC is used.  If you
encounter a compile problem, you should fix it in include/ttyio.c
like this:

diff -r1.7.2.3 ttyio.h
27c27
<  void tty_printf  const char *fmt, ... );
---
>  void tty_printf (const char *fmt, ... );

Due to the switch to a new gettext version, some systems may have
problems with their own gettext version.  Using

  ./configure --with-included-gettext
 
should fix this (this is also mentioned in the INSTALL file)


Have fun

   Werner



Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
Please use them if you can; new releases should show up on these
servers within a day. This mirror list is also available at
http://www.gnupg.org/mirrors.html


Australia

        ftp://ftp.planetmirror.com/pub/gnupg/
        http://ftp.planetmirror.com/pub/gnupg/
        ftp://mirror.aarnet.edu.au/pub/gnupg/

    Austria

        ftp://gd.tuwien.ac.at/privacy/gnupg/
        http://gd.tuwien.ac.at/privacy/gnupg/

    Belgium

        ftp://openbsd.rug.ac.be/pub/gcrypt/
        ftp://gnupg.x-zone.org/pub/gnupg

    Czechia

        ftp://ftp.gnupg.cz/pub/gcrypt

    Denmark

        ftp://sunsite.dk/pub/security/gcrypt/

    Finland

        ftp://ftp.jyu.fi/pub/crypt/gcrypt/

    France

        ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/

    Germany

        ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/
        ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/

    Greece

        ftp://ftp.linux.gr/pub/crypto/gnupg/
        ftp://hal.csd.auth.gr/mirrors/gnupg/

    Hungary

        ftp://ftp.kfki.hu/pub/packages/security/gnupg/

    Iceland

        ftp://ftp.hi.is/pub/mirrors/gnupg/

    Ireland

        ftp://ftp.compsoc.com/pub/gnupg/

    Italy

        ftp://ftp.linux.it/pub/mirrors/gnupg/
        ftp://ftp3.linux.it/pub/mirrors/gnupg/

    Japan

        ftp://pgp.iijlab.net/pub/gnupg/
        ftp://ftp.ring.gr.jp/pub/net/gnupg/
        http://www.ring.gr.jp/pub/net/gnupg/

    Korea

        ftp://ftp.snu.ac.kr/pub/security/gnupg/

    Poland

        ftp://sunsite.icm.edu.pl/pub/security/gnupg/

    Spain

        ftp://dimonieta.udg.es/mirror/gnupg

    Sweden

        ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
        ftp://ftp.sunet.se:/pub/security/gnupg/

    Switzerland

        ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/

    Taiwan

        ftp://coda.nctu.edu.tw/Security/gcrypt

    United Kingdom

        ftp://ftp.net.lut.ac.uk/gcrypt/
        ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
        http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/


--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information