----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Minggu, 29 Oktober 2000 0:19 Subject: [CLSA-2000:334] Conectiva Linux Security Announcement - gnupg > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ----------------------------------------------------------------------- > CONECTIVA LINUX SECURITY ANNOUNCEMENT > - ----------------------------------------------------------------------- > > PACKAGE : gnupg > SUMMARY : Signature checking bug > DATE : 2000-10-28 15:15:00 > ID : CLSA-2000:334 > RELEVANT > RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gr�ficos, ecommerce, 5.1 > > - ---------------------------------------------------------------------- > > DESCRIPTION > gnupg up to and including version 1.0.3 has a flaw in the signature > checking code. This code does not work properly when there are > multiple signatures within the file. Gnupg can incorrectly report > some signatures to be valid even if that portion of the file has been > tampered with. > > > SOLUTION > All gnupg users should upgrade to the latest package. > > > DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES > ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-1cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4- 1cl.src.rpm > ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-1 cl.i386.rpm > ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-1 cl.src.rpm > ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-1c l.i386.rpm > > > - ---------------------------------------------------------------------- > All packages are signed with Conectiva's GPG key. The key can be > obtained at http://www.conectiva.com.br/contato > > - ----------------------------------------------------------------------- > All our advisories and generic update instructions can be viewed at > http://www.conectiva.com.br/suporte/atualizacoes > > - ---------------------------------------------------------------------- > subscribe: [EMAIL PROTECTED] > unsubscribe: [EMAIL PROTECTED] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE5+wqF42jd0JmAcZARAjksAKDacCp1naxQWw2NnBwxnTiwGI2nHwCgzFp6 > knJLl6CvybFdZVC+49tswsc= > =FEyi > -----END PGP SIGNATURE----- > -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
