{"id":134,"date":"2006-03-22T09:49:42","date_gmt":"2006-03-22T09:49:42","guid":{"rendered":"http:\/\/irdial.com\/blogdial\/?p=134"},"modified":"2006-03-22T09:49:42","modified_gmt":"2006-03-22T09:49:42","slug":"gpg-flaw","status":"publish","type":"post","link":"https:\/\/irdial.com\/blogdial\/?p=134","title":{"rendered":"gpg flaw"},"content":{"rendered":"<p>GnuPG does not detect injection of unsigned data<br \/>\n================================================<br \/>\n                 (released 2006-03-09, CVE-2006-0049)<\/p>\n<p>Summary<br \/>\n=======<\/p>\n<p>In the aftermath of the false positive signature verification bug<br \/>\n(announced 2006-02-15) more thorough testing of the fix has been done<br \/>\nand another vulnerability has been detected.<\/p>\n<p>[&#8230;]<\/p>\n<p>Impact:<br \/>\n=======<\/p>\n<p>Signature verification of non-detached signatures may give a positive<br \/>\nresult but when extracting the signed data, this data may be prepended<br \/>\nor appended with extra data not covered by the signature.  Thus it is<br \/>\npossible for an attacker to take any signed message and inject extra<br \/>\narbitrary data.<\/p>\n<p>Detached signatures (a separate signature file) are not affected.<\/p>\n<p>All versions of gnupg prior to <strong>1.4.2.2<\/strong> are affected.<\/p>\n<p>[&#8230;]<br \/>\n<a href=\"http:\/\/lists.gnupg.org\/pipermail\/gnupg-announce\/2006q1\/000216.html\"><br \/>\nGPG [announce]<\/a><\/p>\n<p>Those of you using earlier versions of GPG will no doubt want to upgrade.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GnuPG does not detect injection of unsigned data ================================================ (released 2006-03-09, CVE-2006-0049) Summary ======= In the aftermath of the false positive signature verification bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. 
[&#8230;] Impact: ======= Signature verification of non-detached signatures may give a positive result but [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,23],"tags":[],"_links":{"self":[{"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=\/wp\/v2\/posts\/134"}],"collection":[{"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=134"}],"version-history":[{"count":0,"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=\/wp\/v2\/posts\/134\/revisions"}],"wp:attachment":[{"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/irdial.com\/blogdial\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}