Advisories

Mandriva Advisories

Package name	gnupg
Date	May 30th, 2001
Advisory ID	MDKSA-2001:053
Affected versions	7.1, 7.2, 8.0, CS1.0
Synopsis	Updated gnupg packages fix a format string vulnerability

Problem Description

A format string vulnerability exists in gnupg 1.0.5 and previous
versions which is fixed in 1.0.6. This vulnerability can be used to
invoke shell commands with privileges of the currently logged-in user.

Updated Packages

Mandrakelinux 7.1

 6bce2d70a906e30605fa021e6d987f61  7.1/RPMS/gnupg-1.0.6-1.2mdk.i586.rpm
25735e364ecdff216d7b2bbfa1ef17fd  7.1/SRPMS/gnupg-1.0.6-1.2mdk.src.rpm

Mandrakelinux 7.2

 cab7e68386a371f4f0ae8734f5601900  7.2/RPMS/gnupg-1.0.6-1.1mdk.i586.rpm
fe11e9355dd81b4840bc495c640984a6  7.2/SRPMS/gnupg-1.0.6-1.1mdk.src.rpm

Mandrakelinux 8.0

 6a7527d8f95f6d45a0f6af6aa42f3661  8.0/RPMS/gnupg-1.0.6-1.1mdk.i586.rpm
fe11e9355dd81b4840bc495c640984a6  8.0/SRPMS/gnupg-1.0.6-1.1mdk.src.rpm

Corporate Server 1.0.1

 6bce2d70a906e30605fa021e6d987f61  1.0.1/RPMS/gnupg-1.0.6-1.2mdk.i586.rpm
25735e364ecdff216d7b2bbfa1ef17fd  1.0.1/SRPMS/gnupg-1.0.6-1.2mdk.src.rpm

References

http://archives.indenial.com/hypermail/bugtraq/2001/May2001/0275.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer