aru Posted February 17, 2006 Report Share Posted February 17, 2006 Mandriva Advisories MDKSA-2006:043 : gnupg Updated gnupg packages fix signature file verification vulnerability February 17th, 2006 Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file. The updated packages have been patched to address this issue. The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:043 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts