---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: Debian update for gnupg SECUNIA ADVISORY ID: SA24511 VERIFY ADVISORY: http://secunia.com/advisories/24511/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for gnupg. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner. For more information: SA24412 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.dsc Size/MD5 checksum: 680 7f02659abf22fc4d8cd5537d3cd88d64 http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.diff.gz Size/MD5 checksum: 24290 3baa58f381c8508e8826b11625e4719d http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5 Alpha architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_alpha.deb Size/MD5 checksum: 2156494 f6a5a926159e22ff1b915b578aee79e9 AMD64 architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_amd64.deb Size/MD5 checksum: 1963978 071d87e7ca69d520cbf0993e90a26b0c ARM architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_arm.deb Size/MD5 checksum: 1900000 607cd3b74c53945b6345594490ae09e7 HP Precision architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_hppa.deb Size/MD5 checksum: 2004634 f3d85ad41dc35f203d655962f2f19f0f Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_i386.deb Size/MD5 checksum: 1909476 fe9933fd968ae8242f26094e1314ce1b Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_ia64.deb Size/MD5 checksum: 2326178 e082e9a2b0ec22089a9a2e37a7d49b55 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_m68k.deb Size/MD5 checksum: 1811574 a778d48de1b914fbaf9132d707f3980e Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mips.deb Size/MD5 checksum: 2001516 b3894d73eaa453aa16cce7963a94d169 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mipsel.deb Size/MD5 checksum: 2008140 30692827e1d8b0877d73dcf555b56d57 PowerPC architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_powerpc.deb Size/MD5 checksum: 1958420 8ccf53ca0a1b4afeffedd6df10067ddc IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_s390.deb Size/MD5 checksum: 1967612 6baf699e3108a6a97bdb8ffb26e67bae Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_sparc.deb Size/MD5 checksum: 1897992 2b92e27ded545d9e1d89a7b2e89b5459 -- Debian GNU/Linux unstable alias sid -- Fixed in version 1.4.6-2. ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00021.html OTHER REFERENCES: SA24412: http://secunia.com/advisories/24412/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------