[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] GnuPG Vulnerability (upgrade available)
From:       Ben Lutgens <blutgens () sistina ! com>
Date:       2001-05-30 7:17:02
[Download RAW message or body]


Hi all, I found out via bugtraq mailing list this morning that gnupg-1.0.5 and
earlier have a vulnerability that will let someone gain unauthorized access. I
don't have a link for you because the archives haven't been updated on
securityfocus.com. You may upgrade via portage in about a half hour when the
rsync tree gets updated. The package you want is app-crypt/gnupg-1.0.6. I
still didn't add the SUID to the gpg binary, I figure I'll leave that up to
the installer. It'll still work, but will not be able to use secure memory
when run as a normal user.

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]