Login
Newsletter
Werbung

Sicherheit: Fehler in Schlüsselvalidierung in gnupg
Aktuelle Meldungen Distributionen
Name: Fehler in Schlüsselvalidierung in gnupg
ID: 200305-04
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Sa, 17. Mai 2003, 13:00
Referenzen: Keine Angabe
Applikationen: The GNU Privacy Guard

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-04
--------------------------------------------------------------------

PACKAGE : gnupg
SUMMARY : key validity bug
DATE : 2003-05-16 11:55 UTC
VERSIONS AFFECTED : <gnupg-1.2.2
FIXED VERSION : >=gnupg-1.2.2
CVE : CAN-2003-0255

--------------------------------------------------------------------

- From advisory:

"As part of the development of GnuPG 1.2.2, a bug was discovered in the
key validation code. This bug causes keys with more than one user ID
to give all user IDs on the key the amount of validity given to the
most-valid key."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2 as follows:

emerge sync
emerge gnupg
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+xNHNfT7nyhUpoZMRAv6xAJ9Sbj96yso0kD1RVAR/fA2tF5Ce8ACfXfDZ
e2eSXVOCMuGRNyE+d+Sr8Ck=
=StRY
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung