[SECURITY] Fedora Core 4 Update: gnupg-1.4.4-1

Nalin Dahyabhai nalin at redhat.com
Fri Jun 30 20:15:13 UTC 2006

Fedora Update Notification

Product     : Fedora Core 4
Name        : gnupg
Version     : 1.4.4
Release     : 1
Summary     : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

Update Information:

This update upgrades to upstream version 1.4.4, which places
a limit on the size of user ID packets, closing a possible
integer overflow (CVE-2006-3082).
* Mon Jun 26 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-1
- update to 1.4.4
* Tue Jun 20 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-5
- rebuild
* Tue Jun 20 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-4
- add patch from upstream to fix CVE-2006-3082 (#195946)
* Tue Apr 11 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-3
- rebuild
* Tue Apr 11 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-2
- apply patch from David Shaw to try multiple defaults if the the photo-viewer
  option isn't set (fixes #187880)

This update can be downloaded from:

f186252e320ab95094333d4f5caa10a0434d2e5e  SRPMS/gnupg-1.4.4-1.src.rpm
f186252e320ab95094333d4f5caa10a0434d2e5e  noarch/gnupg-1.4.4-1.src.rpm
e77ccb9de008b4a444a4e0565c02dd64af2693ed  ppc/gnupg-1.4.4-1.ppc.rpm
7f49099ea3625528889e6674bfd8eade8946b64d  ppc/debug/gnupg-debuginfo-1.4.4-1.ppc.rpm
49a68b507a807f26b9cf616f0878b889972b9dc5  x86_64/gnupg-1.4.4-1.x86_64.rpm
939ca4441043f0f63f50f967e0d27739af0dbac4  x86_64/debug/gnupg-debuginfo-1.4.4-1.x86_64.rpm
93d0d3e67d6faa5268ac5175faf59a5da323b049  i386/gnupg-1.4.4-1.i386.rpm
46d8e076a86cd2b0afd23d6d68eafb76abd7e5c7  i386/debug/gnupg-debuginfo-1.4.4-1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the package-announce mailing list