GnuPG Multiple Signed Message Modification Vulnerability

Solution:
A snapshot of the updated GnuPG source tree is available at:

ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz (1681k)
ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz.sig

Trustix recently released several updated packages:

RedHat

iputils: Fixes several problems in ping including a buffer overflow.
gnupg: Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg.

ypbind: Local root exploit. Linux ypbind

Users of TSL 1.0x and 1.1 that worry about local security should
definitely upgrade.

MD5sums:
9e2bbf3ddd728da4cbab3ece1ba390b7 gnupg-1.0.4-2tr.i586.rpm
43d503eb306f202c794ca064980574ad iputils-20001011-1tr.i586.rpm
8625657f6edea52b88e0cff1dfff4bb4 ypbind-3.3-29tr.i586.rpm

Get them at:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ or
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/

Conectiva Linux:

ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-1cl.i386.rpm


GNU GNU Privacy Guard 1.0

GNU GNU Privacy Guard 1.0.1

GNU GNU Privacy Guard 1.0.2

GNU GNU Privacy Guard 1.0.3


 

Copyright 2010, SecurityFocus