Package name
gnupg
Date
2005-03-15
Advisory ID
MDKSA-2005:057
Affected versions
9.2 i586 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 9.2 amd64 , CS2.1 i586 , 10.1 x86_64

Problem description

The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called "quick scan" and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated packages have been patched to disable the quick check for all public key-encrypted messages and files.

Updated packages

9.2 i586

 eea8f872b37b44e323121f8f06e055a5  9.2/RPMS/gnupg-1.2.3-3.2.92mdk.i586.rpm
4853be0ffaeb03b0bc78bd361342d5ed  9.2/SRPMS/gnupg-1.2.3-3.2.92mdk.src.rpm

CS2.1 x86_64

 54fe5bb44107b7e3e61b36497a911bc3  x86_64/corporate/2.1/RPMS/gnupg-1.0.7-3.3.C21mdk.x86_64.rpm
7feb5108aab575ca5a236257cb6381bf  x86_64/corporate/2.1/SRPMS/gnupg-1.0.7-3.3.C21mdk.src.rpm

10.0 amd64

 df0f82dbd6e158e0ed5147cb39e16d8a  amd64/10.0/RPMS/gnupg-1.2.4-1.1.100mdk.amd64.rpm
86351de46dfb9269582e3ff077c1cbfd  amd64/10.0/SRPMS/gnupg-1.2.4-1.1.100mdk.src.rpm

10.1 i586

 e5c5e11c18532a11b3f17df2f4a8d0f0  10.1/RPMS/gnupg-1.2.4-1.1.101mdk.i586.rpm
6616d6b33665b0b61b3ba60ea4edb7b7  10.1/SRPMS/gnupg-1.2.4-1.1.101mdk.src.rpm

10.0 i586

 e417191838d8efce573d72c1a23985f5  10.0/RPMS/gnupg-1.2.4-1.1.100mdk.i586.rpm
86351de46dfb9269582e3ff077c1cbfd  10.0/SRPMS/gnupg-1.2.4-1.1.100mdk.src.rpm

CS3.0 x86_64

 c9fcb2074b56249ccbb1456a4fffea4e  x86_64/corporate/3.0/RPMS/gnupg-1.2.4-1.1.C30mdk.x86_64.rpm
78db8f8ecd2709c17b0700b22d74f227  x86_64/corporate/3.0/SRPMS/gnupg-1.2.4-1.1.C30mdk.src.rpm

CS3.0 i586

 e95d4dd1787d1b371c554ac29c840ae4  corporate/3.0/RPMS/gnupg-1.2.4-1.1.C30mdk.i586.rpm
78db8f8ecd2709c17b0700b22d74f227  corporate/3.0/SRPMS/gnupg-1.2.4-1.1.C30mdk.src.rpm

9.2 amd64

 cd27f63d89d9850c25f3e36968dc120f  amd64/9.2/RPMS/gnupg-1.2.3-3.2.92mdk.amd64.rpm
4853be0ffaeb03b0bc78bd361342d5ed  amd64/9.2/SRPMS/gnupg-1.2.3-3.2.92mdk.src.rpm

CS2.1 i586

 9a94f8178b38d21436776157a8dc64fa  corporate/2.1/RPMS/gnupg-1.0.7-3.3.C21mdk.i586.rpm
7feb5108aab575ca5a236257cb6381bf  corporate/2.1/SRPMS/gnupg-1.0.7-3.3.C21mdk.src.rpm

10.1 x86_64

 0f912bf60b3aa5657f1d70ac1321877c  x86_64/10.1/RPMS/gnupg-1.2.4-1.1.101mdk.x86_64.rpm
6616d6b33665b0b61b3ba60ea4edb7b7  x86_64/10.1/SRPMS/gnupg-1.2.4-1.1.101mdk.src.rpm

References