Vulnerability
GnuPG
Affected
GnuPG
Description
When importing keys from public key servers, GnuPG will import
private keys (also known as secret keys) in addition to public
keys. If this happens, the user's web of trust becomes
corrupted. Additionally, when GnuPG is used to check a detached
signature and the data file being checked contains clearsigned
data, GnuPG does not warn the user if the detached signature is
incorrect. Florian Weimer discovered that gpg would import secret
keys from key servers.
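A pre-import check for the first issue described above, added here as an illustration and not taken from the advisory or from GnuPG: it walks the packet headers of a binary OpenPGP stream (header format per RFC 4880) and reports any Secret-Key (tag 5) or Secret-Subkey (tag 7) packets. The function names and the sample bytes are constructed for this example.

```python
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}  # RFC 4880 packet tags

def packet_tags(data: bytes):
    """Yield the tag of each packet in a binary (non-armored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            partial = True
            while partial:
                o1 = data[i]
                i += 1
                partial = False
                if o1 < 192:                # one-octet length
                    length = o1
                elif o1 < 224:              # two-octet length
                    length = ((o1 - 192) << 8) + data[i] + 192
                    i += 1
                elif o1 == 255:             # five-octet length
                    length = int.from_bytes(data[i:i + 4], "big")
                    i += 4
                else:                       # partial body; another length follows
                    length, partial = 1 << (o1 & 0x1F), True
                i += length
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate: body runs to end of data
                i = len(data)
            else:
                n = (1, 2, 4)[ltype]
                i += n + int.from_bytes(data[i:i + n], "big")
        if i > len(data):
            raise ValueError("truncated packet")
        yield tag

def secret_packets(data: bytes):
    """Names of secret-key packets present; raises ValueError on malformed input."""
    try:
        return [SECRET_TAGS[t] for t in packet_tags(data) if t in SECRET_TAGS]
    except IndexError:
        raise ValueError("truncated packet") from None

# Constructed sample data (dummy bodies, not real keys): public key + user ID,
# then the same stream with an old-format secret key and new-format secret subkey.
CLEAN = b"\x98\x03\x04\x00\x00" + b"\xcd\x03bob"
TAINTED = CLEAN + b"\x94\x03\x04\x00\x00" + b"\xc7\x02\x04\x00"
```

A non-empty result from secret_packets(), or a ValueError, is a reason to reject the key server response before it reaches the keyring.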
Solution
For RedHat:
ftp://updates.redhat.com//6.2/SRPMS/gnupg-1.0.4-8.6.x.src.rpm
ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
ftp://updates.redhat.com//7.0/SRPMS/gnupg-1.0.4-8.6.x.src.rpm
ftp://updates.redhat.com//7.0/SRPMS/gnupg-1.0.4-9.src.rpm
ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm
For Trustix:
For version 1.2:
RPMS/gnupg-1.0.4-4tr.i586.rpm
SRPMS/gnupg-1.0.4-4tr.src.rpm
For version 1.1 and 1.0x:
RPMS/gnupg-1.0.4-4tr.i586.rpm
SRPMS/gnupg-1.0.4-4tr.src.rpm
Get the updates here:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/
Users of 1.0x should, as always, use the update for 1.1.
For Linux-Mandrake:
Linux-Mandrake 7.0:
7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
Linux-Mandrake 7.1:
7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
Linux-Mandrake 7.2:
7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm
7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm
For Debian:
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.1.dsc
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-alpha/gnupg_1.0.4-1.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/gnupg_1.0.4-1.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/gnupg_1.0.4-1.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/gnupg_1.0.4-1.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnupg_1.0.4-1.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/gnupg_1.0.4-1.1_sparc.deb
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-5cl.i386.rpm