pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7729 Location: Underworld
Posted: Sat Jul 19, 2003 2:46 pm Post subject: [gentoo-security] GLSA: gnupg (200307-06)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06
- - - ---------------------------------------------------------------------
PACKAGE : gnupg
SUMMARY : gpg setgid
DATE : 2003-07-19 14:27 UTC
EXPLOIT : local
VERSIONS AFFECTED : <gnupg-1.2.2-r1
FIXED VERSION : >=gnupg-1.2.2-r1
CVE :
- - - ---------------------------------------------------------------------
gpg needs to be setuid to make use of protected memory space; however, the
setgid bit allowed a gpg user to overwrite group root writable files and is
therefore unnecessary.
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows:
emerge sync
emerge gnupg
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
taviso@gentoo.org
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/GVVqfT7nyhUpoZMRAuvoAJ4+sGRjZzE9N6CvSsZ/igqlEYOmrgCghtXb
mjW0tn0aoFEPuaOOVMv0cMk=
=09VQ
-----END PGP SIGNATURE-----
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin
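A local check for the condition this advisory describes, as an added example that is not part of the original post or the GLSA: the hypothetical helper `check_gpg_bits` reports which special mode bits a binary carries and returns non-zero when the setgid bit is present. Locating the binary with `command -v gpg` is an assumption about the local install.

```shell
#!/bin/sh
# Added example (not from the advisory): report the special mode bits on a
# gpg binary. Per the GLSA, setuid is expected and setgid is the unneeded bit.

# check_gpg_bits PATH
#   Prints one status word and returns:
#     0  no setgid bit present ("setuid" or "none")
#     1  setgid bit present ("setgid" or "setuid+setgid")
#     2  PATH is not a regular file ("missing")
check_gpg_bits() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "missing"
        return 2
    fi
    if [ -g "$target" ] && [ -u "$target" ]; then
        echo "setuid+setgid"
        return 1
    elif [ -g "$target" ]; then
        echo "setgid"
        return 1
    elif [ -u "$target" ]; then
        echo "setuid"
        return 0
    fi
    echo "none"
    return 0
}

# Stand-alone use: check the gpg found on PATH, if any (assumed location).
gpg_path=$(command -v gpg 2>/dev/null || true)
if [ -n "$gpg_path" ]; then
    printf '%s: %s\n' "$gpg_path" "$(check_gpg_bits "$gpg_path")"
fi
```

A result of `setgid` or `setuid+setgid` on an affected version means the upgrade steps in the advisory have not yet taken effect on that binary.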