Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Gnupg serious security bug.
- Date: Tue, 14 Mar 2006 10:01:46 +0900
- From: Edward Middleton <edward@example.com>
- Subject: [tlug] Gnupg serious security bug.
- User-agent: Mail/News 1.5 (X11/20060214)
It must be the week for security blunder discoveries. GnuPG has one as
follows[1]
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature. Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.
It is fixed in version version 1.4.2.2.
Edward
1. http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
- Follow-Ups:
- Re: [tlug] Gnupg serious security bug.
- From: Evan Monroig
- Re: [tlug] Gnupg serious security bug.
- Prev by Date: Re: [tlug] Fwd: Re: [linuxNUS] Possible HUGE Security Flaw inUbuntu Breezy (and maybe other versions)
- Next by Date: Re: [tlug] Gnupg serious security bug.
- Previous by thread: Re: [tlug] Translation
- Next by thread: Re: [tlug] Gnupg serious security bug.
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |