What Are You Looking For?

Sign Up

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-04
- - - ---------------------------------------------------------------------

          PACKAGE : gnupg
          SUMMARY : key validity bug
             DATE : 2003-05-16 11:55 UTC
VERSIONS AFFECTED : =gnupg-1.2.2
              CVE : CAN-2003-0255

- - - ---------------------------------------------------------------------

- From advisory:

"As part of the development of GnuPG 1.2.2, a bug was discovered in the
key validation code.  This bug causes keys with more than one user ID
to give all user IDs on the key the amount of validity given to the
most-valid key."

Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2 as follows:

emerge sync
emerge gnupg
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - - ---------------------------------------------------------------------

Gentoo: gnupg key validation bug

As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200305-04


- From advisory:

"As part of the development of GnuPG 1.2.2, a bug was discovered in the
key validation code.  This bug causes keys with more than one user ID
to give all user IDs on the key the amount of validity given to the
most-valid key."

Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2 as follows:

emerge sync
emerge gnupg
emerge clean

aliz@gentoo.org - GnuPG key is available at

Resolution

References

Availability

Concerns

Severity
PACKAGE : gnupg
SUMMARY : key validity bug
DATE : 2003-05-16 11:55 UTC
VERSIONS AFFECTED : =gnupg-1.2.2
CVE : CAN-2003-0255

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Cryptsetup Lands Support For OPAL Self Encrypting Drives

Aug 21, 2023

Mirai-based DDoS Attackers Aggressively Adopted New Router Exploits

Oct 10, 2023

What is LEMP Stack?

Sep 8, 2023

Critical LibreOffice Code Execution Vuln Fixed

Jun 8, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo