Secunia Security Advisory - Mandriva has issued an update for gnupg and gpgme. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner.
320d9bdf657d36075a25c9dbf0e775edd25a13b611dcdeb57da41a3b3279da73
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
----------------------------------------------------------------------
TITLE:
Mandriva update for gnupg and gpgme
SECUNIA ADVISORY ID:
SA24407
VERIFY ADVISORY:
http://secunia.com/advisories/24407/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/
Mandriva Linux 2006
http://secunia.com/product/9020/
DESCRIPTION:
Mandriva has issued an update for gnupg and gpgme. This fixes a
vulnerability, which potentially can be exploited by malicious people
to bypass certain security restrictions when applications use GnuPG in
an insecure manner.
For more information:
SA24412
SOLUTION:
Apply updated packages.
Mandriva Linux 2006
ec697754fca080fa53c6c486cd91ba8c
2006.0/i586/gnupg-1.4.7-0.2.20060mdk.i586.rpm
f30ab12655598264c10cee92ed76c951
2006.0/SRPMS/gnupg-1.4.7-0.2.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
845bfd1f359b7866e73ab2eb8b30b8fe
2006.0/x86_64/gnupg-1.4.7-0.2.20060mdk.x86_64.rpm
f30ab12655598264c10cee92ed76c951
2006.0/SRPMS/gnupg-1.4.7-0.2.20060mdk.src.rpm
Mandriva Linux 2007
c1b40e8866482c368aab5df228093ab3
2007.0/i586/gnupg-1.4.7-0.2mdv2007.0.i586.rpm
9dbf1a7a48aecb2ece048b47f4c7ade9
2007.0/i586/libgpgme11-1.1.2-2.1mdv2007.0.i586.rpm
3809f32ed3708606e6318fb7feed230d
2007.0/i586/libgpgme11-devel-1.1.2-2.1mdv2007.0.i586.rpm
62d991ccd15ca77ed37ccd4ca1bedba7
2007.0/SRPMS/gnupg-1.4.7-0.2mdv2007.0.src.rpm
31357e977acd83d777df2d77c22094f6
2007.0/SRPMS/gpgme-1.1.2-2.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
d5339dd2bc4146dd18c2ab3b4eca028d
2007.0/x86_64/gnupg-1.4.7-0.2mdv2007.0.x86_64.rpm
608bd0a86d6f83927466f23e7d73fa8d
2007.0/x86_64/lib64gpgme11-1.1.2-2.1mdv2007.0.x86_64.rpm
915d2d203fa41ce12bc661d1a89d563b
2007.0/x86_64/lib64gpgme11-devel-1.1.2-2.1mdv2007.0.x86_64.rpm
62d991ccd15ca77ed37ccd4ca1bedba7
2007.0/SRPMS/gnupg-1.4.7-0.2mdv2007.0.src.rpm
31357e977acd83d777df2d77c22094f6
2007.0/SRPMS/gpgme-1.1.2-2.1mdv2007.0.src.rpm
ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:059
OTHER REFERENCES:
SA24412:
http://secunia.com/advisories/24412/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------