[Security-team] tar: CVE-2006-6097

Maxim Tyurin mrkooll at bungarus.info
Thu Dec 7 22:17:06 MSK 2006


Dmitry V. Levin writes:

> On Fri, Dec 01, 2006 at 02:59:51PM +0200, Maxim Tyurin wrote:
>> Dmitry V. Levin writes:
> [...]
>> > For 2.4 or for 3.0?
>> 
>> For 3.0, definitely.
>
> No problems are expected here.
>
>> I'll try for 2.4. Are there any reasons not to update gnupg on ALM
>> 2.4?
>
> Incomplete compatibility of the configuration in ~/.gnupg

1.2.8 has been released.
I'll try to build it tomorrow.

From: Werner Koch <wk at gnupg.org>
Subject: [gnupg-ru] [Announce] Maintenance release for GnuPG 1.2.x
To: gnupg-announce at gnupg.org
Date: Thu, 07 Dec 2006 17:07:12 +0100
User-Agent: Gnus/5.110006 (No Gnus v0.6)
X-Spam-Status: No, score=0.0 required=5.0 tests=AWL autolearn=unavailable  version=3.0.3

[[PGP Signed Part:Werner Koch <wk at gnupg.org>
Untrusted, Fingerprint: 5919 1616 E281 1198 78CD B3DB 6078 4E94 010A 57ED]]
Hello,

I am pleased to announce a security update to the 1.2 series of
GnuPG: Version 1.2.8.

The 1.2.x series has reached end of life status about 2 years ago.
However, I make an update available for the sake of those who can't
migrate to 1.4.  There is no guarantee that all problems are solved in
1.2 - it is in general better to migrate to the actively maintained 1.4
series.

You will find that version as well as corresponding signatures at the
usual place (ftp://ftp.gnupg.org/gcrypt/gnupg/).



Noteworthy changes in version 1.2.8 (2006-12-07)
------------------------------------------------

    Backported security fixes.  Note, that the 1.2.x series has
    reached end of life status.  You should migrate to 1.4.x.

    * Fixed a serious and exploitable bug in processing encrypted
      packages. [CVE-2006-6235].

    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]

    * User IDs are now capped at 2048 bytes.  This avoids a memory
      allocation attack [CVE-2006-3082].

    * Added countermeasures against the Mister/Zuccherato CFB attack
      <http://eprint.iacr.org/2005/033>.



Happy Hacking,

   Werner


-- 
Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Join the Fellowship and protect your Freedom!    http://www.fsfe.org
[[End of PGP Signed Part]]

-- 

With Best Regards, Maxim Tyurin
JID:	MrKooll at jabber.pibhe.com
   ___                                 
  / _ )__ _____  ___ ____ _______ _____
 / _  / // / _ \/ _ `/ _ `/ __/ // (_-<
/____/\_,_/_//_/\_, /\_,_/_/  \_,_/___/
               /___/  


