GNU Privacy Guard vulnerability discovered

Posted on March 10th 2006 at 4:21 pm in Internet & Technology, Security & Privacy, Software

According to this post on the GPG mailing-list, GPG doesn’t detect the injection of unsigned data. That is rather a serious issue, so upgrading to the latest version is advised:

In the aftermath of the false positive signature verification bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.

This new problem affects the use of *gpg* for verification of
signatures which are _not_ detached signatures. The problem also
affects verification of signatures embedded in encrypted messages;
i.e. standard use of gpg for mails.

As usual, you can download the latest version from the GPG download page.

You have been warned…

GPG, Vulnerability, Security, Privacy

- Navaho Gunleg