GnuPG Multiple Signed Message Modification Vulnerability

A snapshot of the updated GnuPG source tree is available at: (1681k)

Trustix recently released several updated packages:


iputils: Fixes serveral problems in ping including a buffer overflow.
gnupg: Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg.

ypbind: Local root exploit. Linux ypbind

Users of TSL 1.0x and 1.1 that worry about local security should
definitely upgrade.

9e2bbf3ddd728da4cbab3ece1ba390b7 gnupg-1.0.4-2tr.i586.rpm
43d503eb306f202c794ca064980574ad iputils-20001011-1tr.i586.rpm
8625657f6edea52b88e0cff1dfff4bb4 ypbind-3.3-29tr.i586.rpm

Get them at: or

Conectiva Linux:

GNU GNU Privacy Guard 1.0

GNU GNU Privacy Guard 1.0.1

GNU GNU Privacy Guard 1.0.2

GNU GNU Privacy Guard 1.0.3


Privacy Statement
Copyright 2010, SecurityFocus