
[linux-security] gnupg bugs



Topic
=====
secret key distribution and signature verification bugs in gnupg

Problem Description
===================
When importing keys from public key servers, GnuPG will import private keys
(also known as secret keys) in addition to public keys. If this happens,
the user's web of trust becomes corrupted. Additionally, when GnuPG is used
to check a detached signature and the data file being checked contains
clearsigned data, GnuPG does not warn the user if the detached signature is
incorrect.

Affected Systems
================
Systems that have gnupg installed

Solution
========
Only RedHat has released new versions for now.
There is a patch for the signature verification bug on the www.gnupg.org
web site.

RedHat 6.2::

    rpm -Fvh gnupg-1.0.4-8.6.x.i386.rpm

RedHat 7.0::

    rpm -Fvh gnupg-1.0.4-9.i386.rpm