Mailing List Archive



Re: [tlug] Gnupg serious security bug.



Edward Middleton <edward@example.com> writes:

> It must be the week for security blunder discoveries.  GnuPG has one as
> follows[1]
>
>     Signature verification of non-detached signatures may give a positive
>     result but when extracting the signed data, this data may be prepended
>     or appended with extra data not covered by the signature. Thus it is
>     possible for an attacker to take any signed message and inject extra
>     arbitrary data.

Wow! Indeed..

If I understand it right, the way Debian packages are signed is
"detached", so all Debian packages that were signed until now are not
affected?

Evan

