
Gentoo alert 200307-06 (gnupg)

From:  aliz@gentoo.org (Daniel Ahlberg)
To:  gentoo-announce@gentoo.org
Subject:  GLSA: gnupg (200307-06)
Date:  Sat, 19 Jul 2003 16:27:54 +0200 (CEST)

---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06
---------------------------------------------------------------------

          PACKAGE : gnupg
          SUMMARY : gpg setgid
             DATE : 2003-07-19 14:27 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <gnupg-1.2.2-r1
    FIXED VERSION : >=gnupg-1.2.2-r1
              CVE :

---------------------------------------------------------------------

gpg needs to be setuid to make use of protected memory space, however
the setgid bit allowed gpg user to overwrite group root writable files
and is therefore unnecessary.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows:

emerge sync
emerge gnupg
emerge clean

---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
taviso@gentoo.org
---------------------------------------------------------------------
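
To confirm after the upgrade that the installed gpg binary no longer carries the setgid bit, the following check can be used. It is an added example, not part of the advisory or of Gentoo's tooling; the function names `mode_flags` and `audit_gpg` are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: report the special mode bits on a gpg binary.
# The advisory states setuid is needed (protected memory) and setgid is not.

# mode_flags OCTAL -> prints setuid, setgid, setuid+setgid or none.
mode_flags() {
    m=$1
    case $m in
        ''|*[!0-7]*) echo "invalid"; return 2 ;;
    esac
    # Pad to four digits so the special-bits digit comes first: 755 -> 0755
    while [ "${#m}" -lt 4 ]; do m="0$m"; done
    special=${m%???}    # leading digit: 4 = setuid, 2 = setgid, 1 = sticky
    case $special in
        6|7) echo "setuid+setgid" ;;
        4|5) echo "setuid" ;;
        2|3) echo "setgid" ;;
        *)   echo "none" ;;
    esac
}

# audit_gpg PATH -> returns 0 if the setgid bit is clear, 1 if it is set,
# 2 if PATH cannot be inspected.
audit_gpg() {
    path=$1
    [ -f "$path" ] || { echo "$path: not found"; return 2; }
    mode=$(stat -c '%a' "$path") || return 2    # GNU stat: octal mode
    flags=$(mode_flags "$mode") || return 2
    case $flags in
        *setgid*)
            echo "$path: mode $mode ($flags): setgid bit present, upgrade to >=gnupg-1.2.2-r1"
            return 1 ;;
        *)
            echo "$path: mode $mode ($flags): no setgid bit"
            return 0 ;;
    esac
}

# Run against a binary when a path is given, e.g.: sh audit.sh /usr/bin/gpg
if [ -n "${1:-}" ]; then
    audit_gpg "$1"
fi
```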



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds