Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora Core 4: FEDORA-2006-867 Critical GnuPG Packet Parsing Issue

fedora
Calendar Grey August 2, 2006
Dist Fedora Esm H88
This modification improves OpenSSL safety by fixing protocol handling flaws in Ubuntu 20.04 to guarantee dependable data protection.
This update upgrades GnuPG to version 1.4.5 to correct errors in the parsing of certain types of packets.

Summary

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and

creating digital signatures. GnuPG has advanced key management

capabilities and is compliant with the proposed OpenPGP Internet

standard described in RFC2440. Since GnuPG doesn't use any patented

algorithm, it is not compatible with any version of PGP2 (PGP2.x uses

only IDEA for symmetric-key encryption, which is patented worldwide).

This update upgrades GnuPG to version 1.4.5 to correct

errors in the parsing of certain types of packets.

- update to 1.4.5, fixing additional size overflows in packet parsing (#200904,

CVE-2006-3746)

- temporarily disable curl support again

* Fri Jul 28 2006 Nalin Dahyabhai - 1.4.4.90-1

- update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90

to avoid looking "newer" than the eventual 1.4.5

- because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT

* Thu Jul 20 2006 Nalin Dahyabhai - 1.4.4-7

- add BuildPrereq on curl-devel to get curl's ipv6 support (#198375)

* Wed Jul 12 2006 Nalin Dahyabhai - 1.4.4-6

- fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow

detection (#198612)

* Wed Jul 12 2006 Jesse Keating - 1.4.4-5.1

- rebuild

* Wed Jul 5 2006 Nalin Dahyabhai - 1.4.4-5

- try again using per-platform buildprereq (jkeating)

* Wed Jul 5 2006 Nalin Dahyabhai - 1.4.4-4

- buildprereq libusb-devel, so that we get CCID support back (#197450)

26bc9d57735eb1c63ae4e1d55df54f5e5087eca6 SRPMS/gnupg-1.4.5-1.src.rpm

26bc9d57735eb1c63ae4e1d55df54f5e5087eca6 noarch/gnupg-1.4.5-1.src.rpm

4b41734de88e5971df3de2c300cd5b456fdbbb6c ppc/gnupg-1.4.5-1.ppc.rpm

a94d164ae439ed9206d5a901ccba4460f54d663a ppc/debug/gnupg-debuginfo-1.4.5-1.ppc.rpm

7b6e44243e938584f2eb156de9d6505016e0bd49 x86_64/gnupg-1.4.5-1.x86_64.rpm

9b4881a351a4f2773ebd646763c704ef9d9dd284 x86_64/debug/gnupg-debuginfo-1.4.5-1.x86_64.rpm

7c91efa6c1c1e69b99058985240a69fb027a1c05 i386/gnupg-1.4.5-1.i386.rpm

81699767c708a5e5fc16fb52a055e91c598b66aa i386/debug/gnupg-debuginfo-1.4.5-1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory software upgrade Fedora Core packet parsing GnuPG update

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gnupg
Version: 1.4.5
Release: 1
Summary: A GNU utility for secure communication and data storage.

Topics%20covered

Topics Covered

security advisory software upgrade Fedora Core packet parsing GnuPG update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here