Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat Linux 6.2, 7: RHSA-2000:089-04 Critical GnuPG Bug

red hat
Calendar Grey October 20, 2000
Dist Redhat Esm H88
Updated GnuPG packages for CentOS address an issue with signature verification tied to multiple keys.
A verification bug has been found in GnuPG versions up to and including 1.0.3.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

19312 - GnuPG signature verification bug


6. RPMs required:

Red Hat Linux 6.2:

alpha:

sparc:

i386:

sources:

Red Hat Linux 7.0:

i386:

sources:

7. Verification:

MD5 sum Package Name db4be5be1d5b9643927d193096db3489 6.2/SRPMS/gnupg-1.0.4-4.6.x.src.rpm 204298ddaaa03d880099ee7c2129f8da 6.2/alpha/gnupg-1.0.4-4.6.x.alpha.rpm 7a8aecf95b78e5a94468426bb8cfafba 6.2/i386/gnupg-1.0.4-4.6.x.i386.rpm 427e64e2057c003c9f8e0fe05e72e168 6.2/sparc/gnupg-1.0.4-4.6.x.sparc.rpm ee35a93aefd926f4b9528b371c08c584 7.0/SRPMS/gnupg-1.0.4-5.src.rpm fc0d8aec076b4a9b8ed526a9ec5323a1 7.0/i386/gnupg-1.0.4-5.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:089-04
Issue date: 2000-10-18
Updated on: 2000-10-20
Product: Red Hat Linux
Keywords: gnupg signature
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 7.0 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here