Login
Newsletter
Werbung

Sicherheit: Denial of Service in gnupg
Aktuelle Meldungen Distributionen
Name: Denial of Service in gnupg
ID: SSA:2006-215-01
Distribution: Slackware
Plattformen: Slackware -current, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2
Datum: Do, 3. August 2006, 11:46
Referenzen: Keine Angabe
Applikationen: The GNU Privacy Guard

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2006-215-01)

New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,
and -current to fix security issues which could allow an attacker to
crash gnupg and possibly overwrite memory which could lead to an integer
overflow.


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz:
Upgraded to gnupg-1.4.5.
From the gnupg-1.4.5 NEWS file:
* Fixed 2 more possible memory allocation attacks. They are
similar to the problem we fixed with 1.4.4. This bug can easily
be be exploited for a DoS; remote code execution is not entirely
impossible.
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 9.0:
gnupg-1.4.5-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
gnupg-1.4.5-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
gnupg-1.4.5-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
gnupg-1.4.5-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
gnupg-1.4.5-i486-1_slack10.2.tgz

Updated package for Slackware -current:
gnupg-1.4.5-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 9.0 package:
f4d340a8cfc868c89e06d68b377e04d7 gnupg-1.4.5-i386-1_slack9.0.tgz

Slackware 9.1 package:
38e8e6cb501883f841a2b287de579b22 gnupg-1.4.5-i486-1_slack9.1.tgz

Slackware 10.0 package:
addbc70fb919cd61b81654e7059bf09f gnupg-1.4.5-i486-1_slack10.0.tgz

Slackware 10.1 package:
d143db889c2e3f81feb6d686fbc826ee gnupg-1.4.5-i486-1_slack10.1.tgz

Slackware 10.2 package:
955bfff71f59f53165f2df63f1b177f3 gnupg-1.4.5-i486-1_slack10.2.tgz

Slackware -current package:
dfb4e14c7fce72a8f240f05e75b09e8a gnupg-1.4.5-i486-1.tgz



Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.5-i486-1_slack10.2.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFE0cIdakRjwEAQIjMRAomjAJ4+jETFlThHJgeybewZSfVIWSZdSACfTykZ
ofrk/a1Y9DEChzxLyg8nofw=
=lLc5
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung