aru Posted May 22, 2003 Report Share Posted May 22, 2003 MandrakeSoft Security Advisory MDKSA-2003:061 : gnupg May 22nd, 2003 Updated gnupg packages fix validation bug A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] 9.1 [*] 9.1/PPC [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:061 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0255 http://lists.gnupg.org/pipermail/gnupg-ann...3q2/000268.html Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts