---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: SUSE update for gpg SECUNIA ADVISORY ID: SA24734 VERIFY ADVISORY: http://secunia.com/advisories/24734/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: UnitedLinux 1.0 http://secunia.com/product/2003/ SuSE Linux Standard Server 8 http://secunia.com/product/2526/ SuSE Linux Openexchange Server 4.x http://secunia.com/product/2001/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SuSE Linux Enterprise Server 8 http://secunia.com/product/1171/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SuSE Linux Desktop 1.x http://secunia.com/product/2002/ SUSE Linux 9.3 http://secunia.com/product/4933/ SUSE Linux 10.1 http://secunia.com/product/10796/ SUSE Linux 10 http://secunia.com/product/6221/ openSUSE 10.2 http://secunia.com/product/13375/ DESCRIPTION: SUSE has issued an update for gpg. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner. For more information: SA24412 SOLUTION: Apply updated packages. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/gpg-1.4.5-24.4.i586.rpm 7e8844844d89dec746bb0f2e6faecd4f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/gpg-1.4.2-23.16.i586.rpm 0a26653f3fa65d46e4e192539c7ace01 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.14.i586.rpm 758b8a3198153d484ec09a6b1d760fb2 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.14.i586.rpm 447e593b1328e0a8c0900c525be488f5 Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/gpg-1.4.5-24.4.ppc.rpm 2a709e1eb6a22ace9eeba678a771ccff SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/gpg-1.4.2-23.16.ppc.rpm 0258f25101194c8ed1d39511748baef5 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/gpg-1.4.2-5.14.ppc.rpm d8c8873e538881723d7b98cafc6402ea x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/gpg-1.4.5-24.4.x86_64.rpm 2535c0dd40a972c7e028ac0d60d00aeb SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/gpg-1.4.2-23.16.x86_64.rpm 88ab493766d181b2aeb85e9ba41d0f04 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/gpg-1.4.2-5.14.x86_64.rpm c8abc6fc65e284c64f4259d8d50dd1b8 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/gpg-1.4.0-4.14.x86_64.rpm 0c5aa6ad775f5746256d7960adbeb86b Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/gpg-1.4.5-24.4.src.rpm 3fd3ae52f6a004a24d2fd4d822a88d67 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/gpg-1.4.2-23.16.src.rpm b691ff4ff478979dfe5dc1e0f6534272 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.14.src.rpm e05305b96b232bef94eaa06249471c51 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/gpg-1.4.0-4.14.src.rpm 9bc52a7b1845bbeb23858b92696fe67b UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html Open Enterprise Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SuSE Linux School Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SUSE SLES 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SUSE SLED 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.html ORIGINAL ADVISORY: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html OTHER REFERENCES: SA24412: http://secunia.com/advisories/24412/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------