Technical Information Document
Security update for gpg - TID76efde0032721703f2b0b1d8a15c440c (last modified 27FEB2006)
printer friendly tell a friend
Click here if this does not solve your problem
76efde0032721703f2b0b1d8a15c440c 76efde0032721703f2b0b1d8a15c440c 76efde0032721703f2b0b1d8a15c440c
solutions
Security update for gpg SuSE Linux Maintenance Web (76efde0032721703f2b0b1d8a15c440c)
applies to
: gpg
Product(s): SUSE CORE 9 for x86
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for AMD64 and Intel EM64T
SuSE Linux Desktop 1.0
SUSE LINUX Retail Solution 8
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
SuSE Linux Enterprise Server 8 for x86
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for AMD64
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Novell Linux POS 9
Open Enterprise Server
SuSE Linux Openexchange Server 4
Patch: patch-10890
Release: 20060227
Obsoletes: none
indications
Install this update.
contraindications
None.
problem description
This update fixes the signature verification code in GPG. Before this update gpg returned a 0 (valid signature) when used on command-line with option --verify. This bug for example makes automatic tools vulnerable that confirm downloaded information files via GPG signatures before using the information in them, like for instance YAST Online Update patch files. This can lead to remote system compromise at root level. (CVE-2006-0455)
solution
Please install the updates provided at the location noted below.
installation notes
This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh gpg.rpm
links to download packages
Document Title: Security update for gpg
Document ID: 76efde0032721703f2b0b1d8a15c440c
Creation Date: 27FEB2006
Modified Date: 27FEB2006
Novell Product Class: SuSE
Novell Product and Version: SUSE CORE 9 for x86
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for AMD64 and Intel EM64T
SuSE Linux Desktop 1.0
SUSE LINUX Retail Solution 8
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
SuSE Linux Enterprise Server 8 for x86
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for AMD64
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Novell Linux POS 9
Open Enterprise Server
SuSE Linux Openexchange Server 4

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.