A warning to users of GPG (aka GNUPG)
-- mks --
---------- Forwarded message ----------
Date: Fri, 10 Nov 2000 16:54:48 -0800
From: Greg Black <gjb@xxxxxxxx>
Reply-To: FreeDevelopers@xxxxxxxxxx
To: FreeDevelopers@xxxxxxxxxx
Subject: A warning to users of GPG (aka GNUPG)

Those of you who use GPG for personal encryption software should
be aware of a security problem with versions prior to 1.04 as
disclosed in the following announcement:

    Versions of gnupg prior to 1.04 fail to correctly verify
    multiple signatures contained in a single document. Only the
    first signature encountered is actually verified, meaning
    that other data with invalid signatures (e.g. data which has
    been tampered with by an attacker) will not be verified, and
    the entire document will be treated as having valid
    signatures.

If you are using an older version, it would be very wise to
update now.

Greg
---
Visit our home page at: www.chennailug.org
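
The failure mode described in the announcement, as an added example that is not part of the original message and is not GnuPG's code: a simplified model in which a document is a list of (data, signature) sections, comparing a verifier that stops after the first signature with one that checks every section. The HMAC stand-in for a public-key signature, the key, the sample text and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; an HMAC stands in for a real public-key signature.
KEY = b"constructed-demo-key"


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def sig_ok(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


def verify_first_only(sections):
    """Flawed logic: check the first signature, report it for the whole document."""
    if not sections:
        return False
    data, sig = sections[0]
    return sig_ok(data, sig)


def verify_all(sections):
    """Check every section; return (document_ok, indexes of failing sections)."""
    bad = [i for i, (data, sig) in enumerate(sections) if not sig_ok(data, sig)]
    return (bool(sections) and not bad, bad)


def build_samples():
    """Constructed input: a two-section document and a copy with section 1 altered."""
    first = b"Release notes: version 2 is available."
    second = b"Download checksum: aaaa1111"
    original = [(first, sign(first)), (second, sign(second))]
    # Same signature bytes, different data: the second signature is now invalid.
    altered = [original[0], (b"Download checksum: bbbb2222", original[1][1])]
    return original, altered


if __name__ == "__main__":
    original, altered = build_samples()
    print("original, first-only:", verify_first_only(original))
    print("original, all       :", verify_all(original))
    print("altered,  first-only:", verify_first_only(altered))
    print("altered,  all       :", verify_all(altered))
```
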