LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

gnupg: incorrect signature verification

Package(s):gnupg CVE #(s):CVE-2006-0049
Created:March 13, 2006 Updated:May 15, 2006
Description: Another vulnerability has been found in GnuPG. "Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data."
Alerts:
Fedora-Legacy FLSA:185355 2006-05-12
Trustix TSLSA-2006-0014 2006-03-20
Red Hat RHSA-2006:0266-01 2006-03-15
Slackware SSA:2006-072-02 2006-03-14
Fedora FEDORA-2006-147 2006-03-13
Mandriva MDKSA-2006:055 2006-03-13
Ubuntu USN-264-1 2006-03-13
Debian DSA-993-2 2006-03-13
Gentoo 200603-08 2006-03-10
Debian DSA-993-1 2006-03-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds