GNU Privacy Guard vulnerability discovered

Posted on March 10th 2006 at 4:21 pm in Internet & Technology, Security & Privacy, Software

According to this post on the GPG mailing list, GPG doesn’t detect the injection of unsigned data. That is a rather serious issue, so upgrading to the latest version is advised:

In the aftermath of the false positive signature verification bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.

This new problem affects the use of *gpg* for verification of
signatures which are _not_ detached signatures. The problem also
affects verification of signatures embedded in encrypted messages;
i.e. standard use of gpg for mails.

As usual, you can download the latest version from the GPG download page.

You have been warned…


- Navaho Gunleg