COMMAND

    GnuPG

SYSTEMS AFFECTED

    GnuPG

PROBLEM

    When importing keys from public key servers, GnuPG will import
    private keys (also known as secret keys) in addition to public
    keys. If this happens, the user's web of trust becomes corrupted.
    Additionally, when GnuPG is used to check a detached signature and
    the data file being checked contains clearsigned data, GnuPG does
    not warn the user if the detached signature is incorrect.

    Florian Weimer discovered that  gpg would import secret  keys from
    key-servers.
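
    A check that can be applied to a key server response before import,
    as an added example (not GnuPG code and not the fix shipped in the
    packages below): it walks the OpenPGP packet headers and reports any
    Secret-Key (tag 5) or Secret-Subkey (tag 7) packets. It assumes
    binary (dearmored) input; the function names and sample bytes are
    constructed for illustration.

```python
# Added example, not GnuPG code. Framing per RFC 4880 section 4.2.
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}

def packet_tags(data: bytes):
    """Yield (tag, body_length) for each packet in a binary OpenPGP stream."""
    i = 0
    try:
        while i < len(data):
            hdr = data[i]
            if not hdr & 0x80:
                raise ValueError(f"offset {i}: not an OpenPGP packet header")
            i += 1
            if hdr & 0x40:                      # new-format header
                tag, first = hdr & 0x3F, data[i]
                if first < 192:                 # one-octet length
                    length, i = first, i + 1
                elif first < 224:               # two-octet length
                    length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
                elif first == 255:              # five-octet length
                    length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
                else:
                    raise ValueError("partial body length: rejected here")
            else:                               # old-format header
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:
                    raise ValueError("indeterminate length: rejected here")
                n = 1 << ltype                  # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
            if i + length > len(data):
                raise ValueError("truncated packet body")
            yield tag, length
            i += length
    except IndexError:
        raise ValueError("truncated packet header") from None

def secret_packets(data: bytes):
    """Names of secret-key packets present; an empty list means none found."""
    return [SECRET_TAGS[t] for t, _ in packet_tags(data) if t in SECRET_TAGS]

# Constructed samples: dummy bodies, only the packet headers are meaningful.
PUBLIC_ONLY = bytes([0x99, 0x00, 0x04]) + b"\x04" * 4 + bytes([0xB4, 0x05]) + b"alice"
WITH_SECRET = PUBLIC_ONLY + bytes([0x95, 0x00, 0x03]) + bytes(3) + bytes([0xC7, 0x02]) + bytes(2)

if __name__ == "__main__":
    for name, blob in (("public only", PUBLIC_ONLY), ("with secret", WITH_SECRET)):
        found = secret_packets(blob)
        print(name, "->", "REJECT " + ", ".join(found) if found else "ok to import")
```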

SOLUTION

    For RedHat:

        ftp://updates.redhat.com//6.2/SRPMS/gnupg-1.0.4-8.6.x.src.rpm
        ftp://updates.redhat.com//6.2/alpha/gnupg-1.0.4-8.6.x.alpha.rpm
        ftp://updates.redhat.com//6.2/i386/gnupg-1.0.4-8.6.x.i386.rpm
        ftp://updates.redhat.com//6.2/sparc/gnupg-1.0.4-8.6.x.sparc.rpm
        ftp://updates.redhat.com//7.0/SRPMS/gnupg-1.0.4-8.6.x.src.rpm
        ftp://updates.redhat.com//7.0/SRPMS/gnupg-1.0.4-9.src.rpm
        ftp://updates.redhat.com//7.0/alpha/gnupg-1.0.4-9.alpha.rpm
        ftp://updates.redhat.com//7.0/i386/gnupg-1.0.4-9.i386.rpm

    For Trustix:

        For version 1.2: RPMS/gnupg-1.0.4-4tr.i586.rpm
                         SRPMS/gnupg-1.0.4-4tr.src.rpm
        For version 1.1 and 1.0x:
                         RPMS/gnupg-1.0.4-4tr.i586.rpm
                         SRPMS/gnupg-1.0.4-4tr.src.rpm

    Get the updates here:

        http://www.trustix.net/pub/Trustix/updates/
        ftp://ftp.trustix.net/pub/Trustix/updates/

    Users of 1.0x should as always use the update for 1.1.

    For Linux-Mandrake:

        Linux-Mandrake 7.0: 7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
                            7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
        Linux-Mandrake 7.1: 7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
                            7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm
                            7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm

    For Debian:

        http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.1.dsc
        http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/gnupg_1.0.4-1.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/gnupg_1.0.4-1.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/gnupg_1.0.4-1.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/gnupg_1.0.4-1.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnupg_1.0.4-1.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/gnupg_1.0.4-1.1_sparc.deb

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/gnupg-1.0.4-5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/gnupg-1.0.4-5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/gnupg-1.0.4-5cl.i386.rpm