GnuPG External HKP Format String Vulnerability

GnuPG External HKP Format String Vulnerability

Solution:
Sun have released fixes to address this issue in Sun Cobalt RaQ XTR and Qube 3 products. Fixes are linked below.

SuSE has released an advisory (SuSE-SA:2003:048) that includes fixes for this issue. Please see the attached advisory for details on obtaining and applying fixes.

The vendor has addressed this issue in CVS for the 1.2 stable branch. Version 1.3.4 was also released to address this issue in the 1.3 development branch.

Gentoo has released an advisory (200312-05) to address this issue. All Gentoo Linux systems should be updated to use gnupg-1.2.3-r5 or higher as follows:

emerge sync
emerge -pv '>=app-crypt/gnupg-1.2.3-r5'
emerge '>=app-crypt/gnupg-1.2.3-r5'
emerge clean

Sun Cobalt Qube 3

Sun Qube3-All-Security-4.0.1-16674.pkg
http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16674.pkg

Sun Cobalt RaQ XTR

Sun RaQXTR-All-Security-1.0.1-16674.pkg
http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16674.pkg

GNU GNU Privacy Guard 1.2.2

SuSE gpg-1.2.2-117.x86_64.patch.rpm
Patch RPM.
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/gpg-1.2.2-117 .x86_64.patch.rpm

SuSE gpg-1.2.2-117.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/gpg-1.2.2-117 .x86_64.rpm

SuSE gpg-1.2.2-121.i586.patch.rpm
Patch RPM.
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gpg-1.2.2-121.i58 6.patch.rpm

SuSE gpg-1.2.2-121.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gpg-1.2.2-121.i58 6.rpm

GNU GNU Privacy Guard 1.2.2 -rc1

SuSE gpg-1.2.2rc1-98.i586.patch.rpm
Patch RPM.
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gpg-1.2.2rc1-98.i 586.patch.rpm

SuSE gpg-1.2.2rc1-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gpg-1.2.2rc1-98.i 586.rpm