Hello,
I am pleased to announce a security update to the 1.2 series
of
GnuPG: Version 1.2.8.
The 1.2.x series has reached end of life status about 2
years ago.
However, I make an update available for the sake of those
who can't
migrate to 1.4. There is no guarantee that all problems are
solved in
1.2 - it is in general better to migrate to the activly
maintained 1.4
series.
You will find that version as well as corresponding
signatures at the
usual place (ftp://ftp.gnupg.org/gcrypt/gnupg/).
Noteworthy changes in version 1.2.8 (2006-12-07)
------------------------------------------------
Backported security fixes. Note, that the 1.2.x series
has
reached end of life status. You should migrate to
1.4.x.
* Fixed a serious and exploitable bug in processing
encrypted
packages. [CVE-2006-6235].
* Fixed a buffer overflow in gpg. [bug#728,
CVE-2006-6169]
* User IDs are now capped at 2048 bytes. This avoids a
memory
allocation attack [CVE-2006-3082].
* Added countermeasures against the Mister/Zuccherato
CFB attack
<http://eprint.ia
cr.org/2005/033>.
Happy Hacking,
Werner
--
Werner Koch <wk gnupg.org>
The GnuPG Experts http://g10code.com
Join the Fellowship and protect your Freedom! http://www.fsfe.org
_______________________________________________
Gnupg-announce mailing list
Gnupg-announcegnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
_______________________________________________
Gnupg-devel mailing list
Gnupg-develgnupg.org
h
ttp://lists.gnupg.org/mailman/listinfo/gnupg-devel
|