[linux-security] incorrect key validation by gnupg
- To: linux-security
- Subject: [linux-security] incorrect key validation by gnupg
- From: Martin Siegert <siegert@sfu.ca>
- Date: Sat, 31 May 2003 17:25:51 -0700
- User-Agent: Mutt/1.4.1i
Topic
=====
incorrect key validation by gnupg
Problem Description
===================
When gpg evaluates trust values for the different UIDs assigned to a key, it
incorrectly assigns the trust value of the UID with the highest trust value
to every other UID on that key. As a result, no warning is given when
attempting to encrypt to an invalid UID; because of the bug, that UID is
accepted as valid.
Affected Versions
=================
gnupg versions 1.2.1 and earlier
Solution
========
Upgrade to version 1.2.2 (or a patched version for your distribution).
RedHat 7.x
----------
rpm -Fvh gnupg-1.0.7-7.i386.rpm
RedHat 8.0
----------
rpm -Fvh gnupg-1.0.7-8.i386.rpm
RedHat 9
--------
rpm -Fvh gnupg-1.2.1-4.i386.rpm
Mandrake 8.2, 9.0
-----------------
rpm -Fvh gnupg-1.0.7-3.1mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh gnupg-1.2.2-1.1mdk.i586.rpm
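
To see which keys on a keyring fall under the Problem Description above, the following added example (not part of the original advisory and not GnuPG code) parses a colon-format key listing and reports UIDs whose own validity is below full while another UID on the same key is fully valid. The function names and the sample listing are constructed for illustration, and the listing is assumed to carry one `uid` record per user ID, as `gpg --with-colons --fixed-list-mode --list-keys` prints.

```python
# Validity letters from the colon listing (field 2), ranked weakest to strongest.
# Letters not listed here (i, d, r, e: invalid/disabled/revoked/expired) rank as 0.
RANK = {"o": 0, "-": 0, "q": 0, "n": 1, "m": 2, "f": 3, "u": 4}

# Constructed sample: key IDs, names and addresses are placeholders.
SAMPLE = """\
pub:f:1024:17:1111111111111111:2003-01-01:::-:::
uid:f::::::::Alice Example <alice@example.org>:
uid:-::::::::Alice Example <alice@other.example>:
sub:f:1024:16:1111111111111112:2003-01-01::::::
pub:m:1024:17:2222222222222222:2003-01-01:::-:::
uid:m::::::::Bob Example <bob@example.org>:
uid:-::::::::Bob Example <bob@other.example>:
pub:f:1024:17:3333333333333333:2003-01-01:::-:::
uid:f::::::::Carol Example <carol@example.org>:
"""


def uids_by_key(listing):
    """Return {keyid: [(validity, uid), ...]} from colon-format output."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            current = keys.setdefault(f[4], [])   # field 5 is the key ID
        elif f[0] == "uid" and current is not None and len(f) > 9:
            current.append((f[1], f[9]))          # field 2 validity, field 10 UID
    return keys


def masked_uids(listing):
    """UIDs below full validity on a key that also has a fully valid UID."""
    findings = []
    for keyid, uids in uids_by_key(listing).items():
        best = max((RANK.get(v, 0) for v, _ in uids), default=0)
        if best < RANK["f"]:
            continue  # no UID is fully valid, so there is nothing to inherit
        for validity, uid in uids:
            if RANK.get(validity, 0) < RANK["f"]:
                findings.append((keyid, uid, validity))
    return findings


if __name__ == "__main__":
    for keyid, uid, validity in masked_uids(SAMPLE):
        print(f"{keyid}: '{uid}' has validity '{validity}' "
              "but shares a key with a fully valid UID")
```

Run it against a real listing by passing the gpg output as the `listing` string; any UID it reports is one to check by hand before encrypting to it with an unpatched gpg.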