-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0009
Package names:     gnupg, php4
Summary:           Multiple vulnerabilities
Date:              2007-03-09
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Secure Linux 3.0.5
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
gnupg
GnuPG is a complete and free replacement for PGP. Because it does not
use IDEA it can be used without any restrictions. GnuPG is in compliance
with the OpenPGP specification (RFC2440).
php4
PHP is an HTML-embedded scripting language. PHP attempts to make
it easy for developers to write dynamically generated web pages.
PHP also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Problem description:
gnupg < TSL 3.0.5 > < TSL 3.0 >
- New Upstream.
- SECURITY Fix: GnuPG 1.4.6 and earlier, when run from the command
line, does not visually distinguish signed and unsigned portions
of OpenPGP messages with multiple components, which might allow
remote attackers to forge the contents of a message without
detection.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-1263 to this issue.
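
Added example, not part of the Trustix advisory or of GnuPG: a structural check a receiving script can run on a binary OpenPGP message to confirm it is exactly one literal data packet bracketed by its signature packets, using the RFC 2440 packet header rules. It assumes a single signer and de-armored input; compressed or encrypted containers are not unwrapped and are reported as not matching. The function names and the sample bytes are constructed for illustration.

```python
ONEPASS_SIG, SIGNATURE, LITERAL = 4, 2, 11    # packet tags from RFC 2440

def packets(data):
    """Yield (tag, body) for every top-level packet in a binary OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % (i - 1))
        body = b""
        if hdr & 0x40:                        # new-format header, tag in low 6 bits
            tag, more = hdr & 0x3F, True
            while more:
                o, more = data[i], False
                i += 1
                if o < 192:                   # one-octet length
                    n = o
                elif o < 224:                 # two-octet length
                    n = ((o - 192) << 8) + data[i] + 192
                    i += 1
                elif o == 255:                # five-octet length
                    n = int.from_bytes(data[i:i + 4], "big")
                    i += 4
                else:                         # partial body length, another chunk follows
                    n, more = 1 << (o & 0x1F), True
                body += data[i:i + n]
                i += n
        else:                                 # old-format header, tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:                    # indeterminate length: runs to end of input
                n = len(data) - i
            else:
                n = int.from_bytes(data[i:i + (1 << ltype)], "big")
                i += 1 << ltype
            body = data[i:i + n]
            i += n
        if i > len(data):
            raise ValueError("truncated packet")
        yield tag, body

def single_signed_component(data):
    """True only if the stream is one literal packet bracketed by its signature packets."""
    tags = [tag for tag, _ in packets(data)]
    return tags in ([ONEPASS_SIG, LITERAL, SIGNATURE], [SIGNATURE, LITERAL])

def _pkt(tag, body):                          # constructed sample packets with dummy bodies
    return bytes([0xC0 | tag, len(body)]) + body

SIGNED = _pkt(ONEPASS_SIG, b"\0" * 13) + _pkt(LITERAL, b"b\0\0\0\0\0signed") + _pkt(SIGNATURE, b"\0" * 9)
MIXED = _pkt(LITERAL, b"b\0\0\0\0\0unsigned") + SIGNED   # extra component outside the signature
```

The check only inspects packet layout; signature validity still has to come from GnuPG itself.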
php4 < TSL 2.2 > < TSEL 2 >
- New Upstream.
- Fixes crash problem with the session extension when register_globals
is turned on.
- SECURITY Fix: Several vulnerabilities have been reported in PHP,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS and potentially compromise a
vulnerable system. (SA24089)
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from