
A warning to users of GPG (aka GNUPG)



-- mks --


---------- Forwarded message ----------
Date: Fri, 10 Nov 2000 16:54:48 -0800
From: Greg Black <gjb@xxxxxxxx>
Reply-To: FreeDevelopers@xxxxxxxxxx
To: FreeDevelopers@xxxxxxxxxx
Subject: A warning to users of GPG (aka GNUPG)

Those of you who use GPG for personal encryption software should
be aware of a security problem with versions prior to 1.04 as
disclosed in the following announcement:

    Versions of gnupg prior to 1.04 fail to correctly verify
    multiple signatures contained in a single document. Only the
    first signature encountered is actually verified, meaning
    that other data with invalid signatures (e.g. data which has
    been tampered with by an attacker) will not be verified, and
    the entire document will be treated as having valid
    signatures.

If you are using an older version, it would be very wise to
update now.

Greg
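
The failure described in the announcement, turned into a check. This is an added example, not part of the original message or of GnuPG: it counts the clearsigned blocks in a document and accepts it only when a verifier's status output shows one good signature per block and no failures. It assumes the status text comes from something like `gpg --status-fd 1 --verify FILE`; the sample document, key ID and status lines are constructed.

```python
import re

# Armor header that opens each clearsigned block.
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
# Signature result lines as written by gpg's --status-fd interface.
STATUS_RE = re.compile(r"^\[GNUPG:\] (GOODSIG|BADSIG|ERRSIG)\b")


def count_signed_blocks(document: str) -> int:
    """Count clearsigned blocks; dash-escaped text ("- -----BEGIN ...") is not a header."""
    return sum(1 for line in document.splitlines() if line.rstrip() == BEGIN_SIGNED)


def all_signatures_verified(document: str, status_output: str) -> bool:
    """Accept only if every signed block has its own GOODSIG and nothing failed."""
    results = [m.group(1) for line in status_output.splitlines()
               if (m := STATUS_RE.match(line))]
    expected = count_signed_blocks(document)
    if expected == 0 or "BADSIG" in results or "ERRSIG" in results:
        return False
    # One good result for a two-block document means a block went unchecked.
    return results.count("GOODSIG") == expected


def _block(text: str) -> str:
    """Constructed clearsigned block with a placeholder signature body."""
    return "\n".join([BEGIN_SIGNED, "Hash: SHA1", "", text,
                      "-----BEGIN PGP SIGNATURE-----", "", "(placeholder)",
                      "-----END PGP SIGNATURE-----"])


# Constructed document: two signed blocks; the second one's text contains a
# dash-escaped header line, which must not be counted as a third block.
SAMPLE_DOC = _block("first part") + "\n" + _block("- " + BEGIN_SIGNED)

# Constructed status outputs (key ID and user name are made up).
GOOD = "[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer\n"
BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Constructed Signer\n"
FIRST_ONLY = GOOD            # models a verifier that stopped after block one
ONE_BAD = GOOD + BAD         # second block was tampered with
BOTH_GOOD = GOOD + GOOD

if __name__ == "__main__":
    for name, status in [("FIRST_ONLY", FIRST_ONLY), ("ONE_BAD", ONE_BAD),
                         ("BOTH_GOOD", BOTH_GOOD)]:
        print(name, all_signatures_verified(SAMPLE_DOC, status))
```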