Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora Core 5: 2006-868 Critical GnuPG Packet Parsing Exploit Fix

fedora
Calendar Grey August 2, 2006
Dist Fedora Esm H88
A recent GnuPG enhancement for Fedora Core 5 resolves issues related to packet interpretation, bolstering security measures. Don't miss the chance to upgrade to version 1.4.5 today.
This update upgrades GnuPG to version 1.4.5 to correct errors in the parsing of certain types of packets.

Summary

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and

creating digital signatures. GnuPG has advanced key management

capabilities and is compliant with the proposed OpenPGP Internet

standard described in RFC2440. Since GnuPG doesn't use any patented

algorithm, it is not compatible with any version of PGP2 (PGP2.x uses

only IDEA for symmetric-key encryption, which is patented worldwide).

This update upgrades GnuPG to version 1.4.5 to correct

errors in the parsing of certain types of packets.

- rebuild

- reenable curl support

* Tue Aug 1 2006 Nalin Dahyabhai - 1.4.5-1

- update to 1.4.5, fixing additional size overflows in packet parsing (#200904,

CVE-2006-3746)

- temporarily disable curl support again

* Fri Jul 28 2006 Nalin Dahyabhai - 1.4.4.90-1

- update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90

to avoid looking "newer" than the eventual 1.4.5

- because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT

* Thu Jul 20 2006 Nalin Dahyabhai - 1.4.4-7

- add BuildPrereq on curl-devel to get curl's ipv6 support (#198375)

* Wed Jul 12 2006 Nalin Dahyabhai - 1.4.4-6

- fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow

detection (#198612)

* Wed Jul 12 2006 Jesse Keating - 1.4.4-5.1

- rebuild

* Wed Jul 5 2006 Nalin Dahyabhai - 1.4.4-5

- try again using per-platform buildprereq (jkeating)

* Wed Jul 5 2006 Nalin Dahyabhai - 1.4.4-4

- buildprereq libusb-devel, so that we get CCID support back (#197450)

* Mon Jun 26 2006 Nalin Dahyabhai - 1.4.4-3

- rebuild

* Mon Jun 26 2006 Nalin Dahyabhai - 1.4.4-2

- rebuild

* Mon Jun 26 2006 Nalin Dahyabhai - 1.4.4-1

- update to 1.4.4

* Tue Jun 20 2006 Nalin Dahyabhai - 1.4.3-5

- rebuild

* Tue Jun 20 2006 Nalin Dahyabhai - 1.4.3-4

- add patch from upstream to fix CVE-2006-3082 (#195946)

dab417f77fefbf6d15ede1e8dcf6fb580d10f444 SRPMS/gnupg-1.4.5-2.src.rpm

dab417f77fefbf6d15ede1e8dcf6fb580d10f444 noarch/gnupg-1.4.5-2.src.rpm

581d146dbae9924c3c73259382adb66c2ec1dea3 ppc/debug/gnupg-debuginfo-1.4.5-2.ppc.rpm

d0007f76d5e0c52b707ea67ee0de990dd56931c0 ppc/gnupg-1.4.5-2.ppc.rpm

419fc0100d2478ed05b4e1b0d89148fcd1225638 x86_64/gnupg-1.4.5-2.x86_64.rpm

e333312919512cf61b7dd80e8420cf9dea5ab183 x86_64/debug/gnupg-debuginfo-1.4.5-2.x86_64.rpm

6bf8b9b0f0bf974aeefd5dcfa9a7df9e4121b275 i386/debug/gnupg-debuginfo-1.4.5-2.i386.rpm

34b154d18c91fc305f824bf71e4151d7bd3f2f64 i386/gnupg-1.4.5-2.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora gnupg critical packet parsing

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gnupg
Version: 1.4.5
Release: 2
Summary: A GNU utility for secure communication and data storage.

Topics%20covered

Topics Covered

security advisory fedora gnupg critical packet parsing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here