• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenPGP Cipher Feedback Mode Chosen-Ciphertext Partial Plaintext Retrieval Vulnerability

Solution:
ALT Linux has released updates dealing with this and other issues. Please see the reference section for more information.

SUSE has released advisory SUSE-SR:2005:007 to address this issue. Please see the referenced advisory for more information.

Mandrake Linux has released advisory MDKSA-2005:057 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released advisory GLSA 200503-29 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.1"

Ubuntu Linux has released security advisory USN-170-1 addressing this issue. Please see the referenced advisory for further information.


GNU GNU Privacy Guard 1.0.7

• Mandrake gnupg-1.0.7-3.3.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.0.7-3.3.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

GNU GNU Privacy Guard 1.2.3

• Mandrake gnupg-1.2.3-3.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.3-3.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

GNU GNU Privacy Guard 1.2.4

• Mandrake gnupg-1.2.4-1.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.4-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.4-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.4-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.4-1.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake gnupg-1.2.4-1.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php

S.u.S.E. Linux Personal 8.2

• SuSE gpg-1.2.2rc1-113.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gpg-1.2.2rc1-113. i586.rpm

S.u.S.E. Linux Personal 9.0

• SuSE gpg-1.2.2-131.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gpg-1.2.2-131.i58 6.rpm

S.u.S.E. Linux Personal 9.0 x86_64

• SuSE gpg-1.2.2-131.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/gpg-1.2.2-131 .x86_64.rpm

S.u.S.E. Linux Personal 9.1 x86_64

• SuSE gpg-1.2.4-68.7.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gpg-1.2.4-68. 7.x86_64.rpm

S.u.S.E. Linux Personal 9.1

• SuSE gpg-1.2.4-68.7.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gpg-1.2.4-68.7.i5 86.rpm

S.u.S.E. Linux Personal 9.2

• SuSE gpg-1.2.5-3.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/gpg-1.2.5-3.2.i58 6.rpm

S.u.S.E. Linux Personal 9.2 x86_64

• SuSE gpg-1.2.5-3.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/gpg-1.2.5-3.2 .x86_64.rpm