Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Gentoo: 200305-04 Critical GnuPG Key Validity Bug Reported

gentoo
Calendar Grey May 16, 2003
Dist Gentoo Esm H88
Gentoo's advisory warns of a critical vulnerability in GnuPG affecting key validation, risking cryptographic security. Users must promptly update GnuPG and review logs.
As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200305-04


- From advisory:

"As part of the development of GnuPG 1.2.2, a bug was discovered in the
key validation code.  This bug causes keys with more than one user ID
to give all user IDs on the key the amount of validity given to the
most-valid key."

Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2 as follows:

emerge sync
emerge gnupg
emerge clean

aliz@gentoo.org - GnuPG key is available at

Topics%20covered

Topics Covered

security advisory gentoo gnupg key validity critical bug

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : gnupg
SUMMARY : key validity bug
DATE : 2003-05-16 11:55 UTC
VERSIONS AFFECTED : =gnupg-1.2.2
CVE : CAN-2003-0255

Topics%20covered

Topics Covered

security advisory gentoo gnupg key validity critical bug

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here