[Pardus-security] [PLSA-2007-44] gnupg: Signed message forgery
Ismail Dönmez
ismail at pardus.org.tr
Fri Mar 16 16:01:43 EET 2007
-------------------------------------------------------------------------------------
Pardus Linux Security Advisory 2007-44 security at pardus.org.tr
-------------------------------------------------------------------------------------
Date: 2007-03-16
Revision: 1
Severity: 5
Type: Remote
-------------------------------------------------------------------------------------
Summary
=======
It's possible to forge signed messages by injecting plain text.
Description
===========
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the
command line, do not visually distinguish signed and unsigned portions
of OpenPGP messages with multiple components, which might allow remote
attackers to forge the contents of a message without detection.
Affected packages:
gpgme, all before 1.1.4-5
Resolution
==========
There are update(s) for gpgme. You can update them via Package Manager
or with a single command from console:
pisi up gpgme
References
==========
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263
-------------------------------------------------------------------------------------
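Added example, not part of the original advisory or of GnuPG/GPGME code: a script can avoid relying on gpg's terminal output by reading the machine-readable --status-fd lines and accepting a run only if it reports exactly one PLAINTEXT and a VALIDSIG. The status lines, key ID and fingerprint below are constructed samples, and the check assumes an inline-signed (not detached) message.

```python
PREFIX = "[GNUPG:] "
REJECT = {"BADSIG", "ERRSIG"}

# Constructed sample: one signed plaintext (key ID and fingerprint are made up).
SINGLE = """\
[GNUPG:] PLAINTEXT 62 1174053703
[GNUPG:] PLAINTEXT_LENGTH 12
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0000111122223333444455556666777701234567 2007-03-16 1174053703
"""

# Constructed sample: an additional plaintext part appears beside the signed one.
MIXED = """\
[GNUPG:] PLAINTEXT 62 0
[GNUPG:] PLAINTEXT 62 1174053703
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0000111122223333444455556666777701234567 2007-03-16 1174053703
"""


def keywords(status_text):
    """Return the status keywords, in order, from gpg --status-fd output."""
    found = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                found.append(fields[0])
    return found


def check_status(status_text):
    """Return (accepted, reason) for the status output of one gpg run."""
    kws = keywords(status_text)
    if any(k in REJECT for k in kws):
        return False, "bad or unverifiable signature"
    if "VALIDSIG" not in kws:
        return False, "no valid signature"
    plaintexts = kws.count("PLAINTEXT")  # exact match, so PLAINTEXT_LENGTH is ignored
    if plaintexts != 1:
        return False, f"{plaintexts} plaintext parts, expected exactly 1"
    return True, "one plaintext, valid signature"


if __name__ == "__main__":
    for name, sample in (("SINGLE", SINGLE), ("MIXED", MIXED)):
        print(name, check_status(sample))
```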