Thursday, December 7, 2006

Update on GnuPG

Although GnuPG has released GnuPG 2.0.1, but they still maintain their 1.x version and they have just released an update for that version which have fixed a security vulnerability that existed. It has a version number of 1.4.6 and Pat as usual has put this problem at first priority and released an updated package for Slackware 9.0 and newer. Here's the latest -stable changelog:
Wed Dec 6 15:16:06 CST 2006
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update to the new packages as soon as possible. For details, see the information concerning CVE-2006-6235 posted on
The CVE entry for this issue may be found here:
This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information about that issue, see:
(* Security fix *)