Advisories | Mandriva

Navigation

Package name	gnupg
Date	March 13th, 2006
Advisory ID	MDKSA-2006:055
Affected versions	CS3.0, MNF2.0, 10.2, 2006.0

Problem Description

Another vulnerability, different from that fixed in MDKSA-2006:043
(CVE-2006-0455), was discovered in gnupg in the handling of signature
files.

This vulnerability is corrected in gnupg 1.4.2.2 which is being
provided with this update.

Updated Packages

Corporate Server 3.0

 cd7fbec4de29eabcc31fdeb90e05f674  corporate/3.0/RPMS/gnupg-1.4.2.2-0.1.C30mdk.i586.rpm
 54fa6da091d1124b661a9fbc4f21abe1  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 f43a3a505f7874324542f16398243786  x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.1.C30mdk.x86_64.rpm
 54fa6da091d1124b661a9fbc4f21abe1  x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 3a998c3c9451bba3ac118df3a8b74955  mnf/2.0/RPMS/gnupg-1.4.2.2-0.1.M20mdk.i586.rpm
 18cfe29d05e64e08c77bab8683517798  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.1.M20mdk.src.rpm

Mandriva Linux LE2005

 78bc5edadc4c09cc79301e92e769792b  10.2/RPMS/gnupg-1.4.2.2-0.1.102mdk.i586.rpm
 a64138f15d9d24c9fd342a9d58739629  10.2/SRPMS/gnupg-1.4.2.2-0.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 921557b980e6831d91f67c1be03ff221  x86_64/10.2/RPMS/gnupg-1.4.2.2-0.1.102mdk.x86_64.rpm
 a64138f15d9d24c9fd342a9d58739629  x86_64/10.2/SRPMS/gnupg-1.4.2.2-0.1.102mdk.src.rpm

Mandriva Linux 2006

 ff09cfa3b8f71b9e5ddf4a7639696b9d  2006.0/RPMS/gnupg-1.4.2.2-0.1.20060mdk.i586.rpm
 22b6b9305f47570652dc276cf8f18401  2006.0/SRPMS/gnupg-1.4.2.2-0.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 388c4bca33be3cccb9a44e87b1a34964  x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.1.20060mdk.x86_64.rpm
 22b6b9305f47570652dc276cf8f18401  x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.