Skip to navigation

Bug Fix Advisory gnupg bug fix update

Advisory: RHBA-2010:0513-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2010-07-08
Last updated on: 2010-07-08
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated gnupg package that fixes a bug is now available.

GnuPG is a utility for encrypting data and creating digital signatures.

This package addresses the following bug:

* compressed, old-style Modification Detection Code (MDC) packets do not
include length information and the decompressor uses an implicit end point.
In some circumstances (message length was likely the determining
circumstance) this could result in more bytes being supplied to the
decompressor than were needed. This resulted in GnuPG failing to decrypt
the file and returning an error as follows:

gpg: [don't know]: invalid packet (ctb=14)

With this update, the packet parsing was changed: MDC packets are now
decoded independently and are no longer passed to the packet parser that
lead to the errors. (BZ#592845).

GnuPG users should upgrade to this updated package, which resolves this
issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gnupg-1.4.5-14.el5_5.1.src.rpm
File outdated by:  RHSA-2014:0016
    MD5: 64a2a22c4cd6d3b7bf7bc09ec951ee9c
SHA-256: 818a0d0bcc694fc8c2661988eb88d7f5edb5af76498935c20d06f24182f6972b
 
IA-32:
gnupg-1.4.5-14.el5_5.1.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: 5a6e7d81beab551c67f0667f8f305b49
SHA-256: 02c38fc1235dca0237de83cc1c24a5e51a1ffab2ee91717104453fb55e654e6d
 
IA-64:
gnupg-1.4.5-14.el5_5.1.ia64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 12036330f2dcebc4a063d549c640886f
SHA-256: 8093216e7eacea5a4716cb8a3c6e13fb3a415e2a2469b010dedcb7748854c5ad
 
PPC:
gnupg-1.4.5-14.el5_5.1.ppc.rpm
File outdated by:  RHSA-2014:0016
    MD5: 6f4dcf6c031ba6a04054bea1f3a38b54
SHA-256: 92b8107978234bd07ac82a349a025138a32566192398f1295532ffe8e4241fc5
 
s390x:
gnupg-1.4.5-14.el5_5.1.s390x.rpm
File outdated by:  RHSA-2014:0016
    MD5: be4b6ae25123814a338455a2d6b1ebfd
SHA-256: 7fb19fda044993b6cc51da26d0e35e61f7df969acfc76388fc46045b54c0e695
 
x86_64:
gnupg-1.4.5-14.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 0c167021c495966a6b50711eda0d076f
SHA-256: f1bc165dbfe625d6dd7a9d26a2042d84223d899bdb33cefa4e24a960ca2d88fd
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gnupg-1.4.5-14.el5_5.1.src.rpm
File outdated by:  RHSA-2014:0016
    MD5: 64a2a22c4cd6d3b7bf7bc09ec951ee9c
SHA-256: 818a0d0bcc694fc8c2661988eb88d7f5edb5af76498935c20d06f24182f6972b
 
IA-32:
gnupg-1.4.5-14.el5_5.1.i386.rpm
File outdated by:  RHSA-2014:0016
    MD5: 5a6e7d81beab551c67f0667f8f305b49
SHA-256: 02c38fc1235dca0237de83cc1c24a5e51a1ffab2ee91717104453fb55e654e6d
 
x86_64:
gnupg-1.4.5-14.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2014:0016
    MD5: 0c167021c495966a6b50711eda0d076f
SHA-256: f1bc165dbfe625d6dd7a9d26a2042d84223d899bdb33cefa4e24a960ca2d88fd
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

602669 - gpg invalid packet error decrypting certain files


Keywords

compressed, decrypt


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/