-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

##
## Patch description of patch 91bd5b75ab1218a3ee7853871ac831ce
##
Kind: security
Shortdescription.english: Security update for gpg
Longdescription.english:
Applies to
Package: gpg
Product(s):
Release: 20050224
Obsoletes: none

Indications
Everyone using gpg in an automated way should update.

Contraindications
None.

Problem description
The OpenPGP protocol was vulnerable to a timing attack to gain plaintext from ciphertext. The timing difference appears as a side effect of the so-called quick scan and is only exploitable on systems that accept an arbitrary amount of ciphertext for automatic decryption.

Solution
Please install the updates provided at the location noted below.

Installation notes
This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh gpg.rpm
Hsilgne.noitpircsedgnol:
Size: 939
MinYaST1Version:
MinYaST2Version:
UpdateOnlyInstalled: true
Packages:
##
## -----> gpg <-----
##
Filename: gpg.rpm
Label: GNU Privacy Guard, en/decrypts and signs data
Series: i586
Size: 3020604 961876
PatchRpmBasedOn: 1.0.7-94
PatchRpmSize: 3020604 460882
Buildtime: 1109194876
DepAND:
DepOR:
DepExcl:
Flag:
Category:
RpmGroup: Productivity/Security
Copyright: GPL
AuthorName: Werner Koch
AuthorAddress:
Version: 1.0.7-179
StartCommand:
Obsoletes:
Requires: /usr/bin/perl ld-linux.so.2 libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libz.so.1 rpmlib(PayloadIsBzip2) <= 3.0.5-1
Provides: gnupg pgpgpg
Segakcap:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCJwEgqE7a6JyACsoRAmTCAJ9/CilLa3GluedwaACGPv9tf+tsCgCf
XoIHkz2f+jWEaQfBUxOJDaiMP2s=
=DO8L
-----END PGP SIGNATURE-----