Lucene search
SuseSUSE-SA:2007:024HistoryMar 30, 2007 - 4:10 p.m.
signature bypassing in gpg
2007-03-3016:10:46
lists.opensuse.org
12
0.104 Low
EPSS
Percentile
94.4%
When printing a text stream with a GPG signature it was possible for an attacker to create a stream with “unsigned text, signed text” where both unsigned and signed text would be shown without distinction which one was signed and which part wasn’t.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 10.1 | ppc | gpg | < 1.4.2-23.16 | gpg-1.4.2-23.16.ppc.rpm |
| openSUSE | 10.2 | x86_64 | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.x86_64.rpm |
| openSUSE | 10.0 | i586 | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.i586.rpm |
| openSUSE | 10.0 | x86_64 | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.x86_64.rpm |
| openSUSE | 10.1 | i586 | gpg | < 1.4.2-23.16 | gpg-1.4.2-23.16.i586.rpm |
| openSUSE | 10.0 | ppc | gpg | < 1.4.2-5.14 | gpg-1.4.2-5.14.ppc.rpm |
| openSUSE | 9.3 | x86_64 | gpg | < 1.4.0-4.14 | gpg-1.4.0-4.14.x86_64.rpm |
| openSUSE | 9.3 | i586 | gpg | < 1.4.0-4.14 | gpg-1.4.0-4.14.i586.rpm |
| openSUSE | 10.2 | ppc | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.ppc.rpm |
| openSUSE | 10.2 | i586 | gpg | < 1.4.5-24.4 | gpg-1.4.5-24.4.i586.rpm |
Related
nessus
nessus
Oracle Linux 3 / 4 : gnupg (ELSA-2007-0106)
2013-07-12 00:00:00
Fedora Core 5 : gnupg-1.4.7-1 (2007-316)
2007-03-16 00:00:00
Oracle Linux 5 : gnupg (ELSA-2007-0107)
2013-07-12 00:00:00
prion
prion
Design/Logic Flaw
2007-03-06 20:19:00
openvas
openvas
SuSE Update for gpg SUSE-SA:2007:024
2009-01-28 00:00:00
Mandriva Update for gnupg MDKSA-2007:059 (gnupg)
2009-04-09 00:00:00
Ubuntu Update for gnupg vulnerability USN-432-1
2009-03-23 00:00:00
redhat
redhat
(RHSA-2007:0107) Important: gnupg security update
2007-03-13 00:00:00
(RHSA-2007:0106) Important: gnupg security update
2007-03-06 00:00:00
debiancve
debiancve
CVE-2007-1263
2007-03-06 20:19:00
oraclelinux
oraclelinux
Important: gnupg security update
2007-03-06 00:00:00
Important: gnupg security update
2007-06-26 00:00:00
ubuntucve
ubuntucve
ubuntu
ubuntu
GnuPG2, GPGME vulnerability
2007-03-13 00:00:00
GnuPG vulnerability
2007-03-08 00:00:00
debian
debian
[SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
2007-03-13 22:55:27
cve
cve
CVE-2007-1263
2007-03-06 20:19:00
slackware
slackware
[slackware-security] gnupg
2007-03-08 02:35:56
centos
centos
gnupg security update
2007-03-07 01:28:25
gnupg security update
2007-03-06 11:23:21
securityvulns
securityvulns
Unsigned content spoofing in multiple application launching GnuPG
2007-03-06 00:00:00
coresecurity
coresecurity
GnuPG and GnuPG clients unsigned data injection vulnerability
2007-03-05 00:00:00