Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Debian: DSA 429-2 Moderate: GnuPG ElGamal Key Compromise

debian
Calendar Grey February 18, 2004
Debian Logo
- -------------------------------------------------------------------------- Debian Security Advisor
Phong Nguyen identified a severe bug in the way GnuPG creates and usesElGamal keys for signing.

Summary

Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing.

The update provided in DSA 459-1 disables the use of this type of key,
using an interim fix. This update, DSA 459-2, implements a more
correct and permanent fix provided by David Shaw.

For the current stable distribution (woody) this problem has been
fixed in version 1.0.6-4woody3.

We recommend that you update your gnupg package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 ...

Read the Full Advisory

Package: gnupg

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.