When printing a text stream with a GPG signature it was possible for an attacker to create a stream with “unsigned text, signed text” where both unsigned and signed text would be shown without distinction which one was signed and which part wasn’t.
There is no known workaround, please install the update packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 10.1 | ppc | gpg | < 1.4.2-23.16 | gpg-1.4.2-23.16.ppc.rpm |
openSUSE | 10.2 | x86_64 | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.x86_64.rpm |
openSUSE | 10.0 | i586 | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.i586.rpm |
openSUSE | 10.0 | x86_64 | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.x86_64.rpm |
openSUSE | 10.1 | i586 | gpg | < 1.4.2-23.16 | gpg-1.4.2-23.16.i586.rpm |
openSUSE | 10.0 | ppc | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.ppc.rpm |
openSUSE | 9.3 | x86_64 | gpg | < 1.4.0-4.14 | gpg-1.4.0-4.14.x86_64.rpm |
openSUSE | 9.3 | i586 | gpg | < 1.4.0-4.14 | gpg-1.4.0-4.14.i586.rpm |
openSUSE | 10.2 | ppc | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.ppc.rpm |
openSUSE | 10.2 | i586 | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.i586.rpm |