[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] GnuPG format string bug

To: linux-security
Subject: [linux-security] GnuPG format string bug
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 14 Jun 2001 17:09:22 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
Format string vulnerability in gnupg.

Problem Description
===================
GnuPG contains a format string vulnerability which can be
triggered simply by attempting to decrypt a file with a specially crafted
filename.  This vulnerability can allow a malicious user to gain
unathorized access to the account which attempted the decryption.

Affected Systems
================
All versions of GnuPG <= 1.0.5

Solution
========
upgrade to version 1.0.6

RedHat 6.x
----------
rpm -Fvh gnupg-1.0.6-0.6.x.i386.rpm

RedHat 7.x
----------
rpm -Fvh gnupg-1.0.6-1.i386.rpm

Mandrake 7.1
------------
rpm -Fvh gnupg-1.0.6-1.2mdk.i586.rpm

Mandrake 7.2, 8.0
-----------------
rpm -Fvh gnupg-1.0.6-1.1mdk.i586.rpm

Caldera OpenLinux (all variants)
--------------------------------
rpm -Fvh gnupg-1.0.6-1.i386.rpm

Prev by Date: [linux-security] man bugs
Next by Date: [linux-security] xinetd: insecure umask
Prev by thread: [linux-security] xinetd: insecure umask
Next by thread: [linux-security] man bugs
Index(es):
- Date
- Thread