What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06
- - ---------------------------------------------------------------------

          PACKAGE : gnupg
          SUMMARY : gpg setgid
             DATE : 2003-07-19 14:27 UTC
          EXPLOIT : local
VERSIONS AFFECTED : =gnupg-1.2.2-r1
              CVE :

- - ---------------------------------------------------------------------

gpg needs to be setuid to make use of protected memory space, however the
setgid bit allowed gpg user to overwrite goup root writable files and is
therefor unnecessary.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows

emerge sync
emerge gnupg
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
taviso@gentoo.org
- - ---------------------------------------------------------------------

Gentoo: gnupg Unauthorized acess

gpg needs to be setuid to make use of protected memory space, however thesetgid bit allowed gpg user to overwrite goup root writable files and istherefore unnecessary.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

gpg needs to be setuid to make use of protected memory space, however the
setgid bit allowed gpg user to overwrite goup root writable files and is
therefor unnecessary.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows

emerge sync
emerge gnupg
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
taviso@gentoo.org
- - ---------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : gnupg
SUMMARY : gpg setgid
DATE : 2003-07-19 14:27 UTC
EXPLOIT : local
VERSIONS AFFECTED : =gnupg-1.2.2-r1
CVE :

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

Sep 15, 2023

Linux’s sudo and su Are Being Rewritten in Rust

May 2, 2023

Remotely Exploitable DoS, Request Smuggling Netty Vulns Fixed

May 4, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo