----------------------------------------------------------------------

Want a new job?
http://secunia.com/secunia_vacancies/

Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/

----------------------------------------------------------------------

TITLE:
Mandriva update for gnupg and gpgme

SECUNIA ADVISORY ID:
SA24407

VERIFY ADVISORY:
http://secunia.com/advisories/24407/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
>From remote

OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for gnupg and gpgme. This fixes a
vulnerability, which potentially can be exploited by malicious people
to bypass certain security restrictions when applications use GnuPG in
an insecure manner.

For more information:
SA24412

SOLUTION:
Apply updated packages.

Mandriva Linux 2006

ec697754fca080fa53c6c486cd91ba8c 
2006.0/i586/gnupg-1.4.7-0.2.20060mdk.i586.rpm
f30ab12655598264c10cee92ed76c951 
2006.0/SRPMS/gnupg-1.4.7-0.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

845bfd1f359b7866e73ab2eb8b30b8fe 
2006.0/x86_64/gnupg-1.4.7-0.2.20060mdk.x86_64.rpm
f30ab12655598264c10cee92ed76c951 
2006.0/SRPMS/gnupg-1.4.7-0.2.20060mdk.src.rpm

Mandriva Linux 2007

c1b40e8866482c368aab5df228093ab3 
2007.0/i586/gnupg-1.4.7-0.2mdv2007.0.i586.rpm
9dbf1a7a48aecb2ece048b47f4c7ade9 
2007.0/i586/libgpgme11-1.1.2-2.1mdv2007.0.i586.rpm
3809f32ed3708606e6318fb7feed230d 
2007.0/i586/libgpgme11-devel-1.1.2-2.1mdv2007.0.i586.rpm
62d991ccd15ca77ed37ccd4ca1bedba7 
2007.0/SRPMS/gnupg-1.4.7-0.2mdv2007.0.src.rpm
31357e977acd83d777df2d77c22094f6 
2007.0/SRPMS/gpgme-1.1.2-2.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

d5339dd2bc4146dd18c2ab3b4eca028d 
2007.0/x86_64/gnupg-1.4.7-0.2mdv2007.0.x86_64.rpm
608bd0a86d6f83927466f23e7d73fa8d 
2007.0/x86_64/lib64gpgme11-1.1.2-2.1mdv2007.0.x86_64.rpm
915d2d203fa41ce12bc661d1a89d563b 
2007.0/x86_64/lib64gpgme11-devel-1.1.2-2.1mdv2007.0.x86_64.rpm
62d991ccd15ca77ed37ccd4ca1bedba7 
2007.0/SRPMS/gnupg-1.4.7-0.2mdv2007.0.src.rpm
31357e977acd83d777df2d77c22094f6 
2007.0/SRPMS/gpgme-1.1.2-2.1mdv2007.0.src.rpm

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2007:059

OTHER REFERENCES:
SA24412:
http://secunia.com/advisories/24412/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------