Home > Security > Advisories


Mandriva Advisories

Package name gnupg
Date December 20th, 2000
Advisory ID MDKSA-2000:087
Affected versions 7.0, 7.1, 7.2
Synopsis Updated gnupg packages fix problem importing private keys along with public keys

Problem Description

When importing keys from public key servers, GnuPG will import private
keys (also known as secret keys) in addition to public keys. If this
happens, the user's web of trust becomes corrupt. Additionally, when
used to check detached signatures, if the data file being checked
contains clearsigned data, GnuPG will not warn the user if the detached
signature is incorrect.

Updated Packages

Mandrakelinux 7.0

 cf39b3d9baf91db3f5272d60672dc756  7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
6d4087bd4aa40a54fe8e13dba15253c6  7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm

Mandrakelinux 7.1

 2f3d02b9fefbe27a8802c7215b9677c2  7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
6d4087bd4aa40a54fe8e13dba15253c6  7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm

Mandrakelinux 7.2

 5315e438e24104ad16428845bedc5f07  7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm
582ad67607ebf93a174aa9d3905673d9  7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.