Gentoo: GLSA-200312-06 Critical: OpenSSL Client Key Exposure

December 12, 2003
GnuPG security alert highlights vulnerabilities in DSA keys within release 2.0.5. Users must upgrade promptly to ensure protection.
Two flaws have been found in GnuPG 1.2.3

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05
- --------------------------------------------------------------------------

GLSA:        200312-05
Package:     app-crypt/gnupg
Summary:     GnuPG ElGamal signing keys compromised and format string vulnerability
Severity:    minimal
Gentoo bug:  34504, 35639
Date:        2003-12-12
CVE:         CAN-2003-0971, CAN-2003-0978
Exploit:     unknown
Affected:    <=1.2.3-r4
Fixed:       >=1.2.3-r5

DESCRIPTION:
Two flaws have been found in GnuPG 1.2.3.
First, ElGamal signing keys can be compromised. These keys are not commonly used. Quote from :
"Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulne...

Severity
critical