drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in gnupg
Name: |
Denial of Service in gnupg |
|
ID: |
SSA:2006-215-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2 |
|
Datum: |
Do, 3. August 2006, 11:46 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
The GNU Privacy Guard |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] gnupg (SSA:2006-215-01)
New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues which could allow an attacker to crash gnupg and possibly overwrite memory which could lead to an integer overflow.
Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz: Upgraded to gnupg-1.4.5. From the gnupg-1.4.5 NEWS file: * Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be be exploited for a DoS; remote code execution is not entirely impossible. (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 9.0: gnupg-1.4.5-i386-1_slack9.0.tgz
Updated package for Slackware 9.1: gnupg-1.4.5-i486-1_slack9.1.tgz
Updated package for Slackware 10.0: gnupg-1.4.5-i486-1_slack10.0.tgz
Updated package for Slackware 10.1: gnupg-1.4.5-i486-1_slack10.1.tgz
Updated package for Slackware 10.2: gnupg-1.4.5-i486-1_slack10.2.tgz
Updated package for Slackware -current: gnupg-1.4.5-i486-1.tgz
MD5 signatures: +-------------+
Slackware 9.0 package: f4d340a8cfc868c89e06d68b377e04d7 gnupg-1.4.5-i386-1_slack9.0.tgz
Slackware 9.1 package: 38e8e6cb501883f841a2b287de579b22 gnupg-1.4.5-i486-1_slack9.1.tgz
Slackware 10.0 package: addbc70fb919cd61b81654e7059bf09f gnupg-1.4.5-i486-1_slack10.0.tgz
Slackware 10.1 package: d143db889c2e3f81feb6d686fbc826ee gnupg-1.4.5-i486-1_slack10.1.tgz
Slackware 10.2 package: 955bfff71f59f53165f2df63f1b177f3 gnupg-1.4.5-i486-1_slack10.2.tgz
Slackware -current package: dfb4e14c7fce72a8f240f05e75b09e8a gnupg-1.4.5-i486-1.tgz
Installation instructions: +------------------------+
Upgrade the packages as root: # upgradepkg gnupg-1.4.5-i486-1_slack10.2.tgz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFE0cIdakRjwEAQIjMRAomjAJ4+jETFlThHJgeybewZSfVIWSZdSACfTykZ ofrk/a1Y9DEChzxLyg8nofw= =lLc5 -----END PGP SIGNATURE-----
|
|
|
|