Documents Associated to gpg

New User, Welcome! Login

gpg

FireGPG Passphrase And Cleartext Vulnerability

========================================================================
Vulnerability Affecting FireGPG Passphrase and Cleartext Recovery
10/20/2008

Abstract

FireGPG is a Firefox extension that provides a front-end to GPG,
allowing webmail users to conveniently exchange GPG messages from
Firefox.

Two vulnerabilities in SquirrelMail GPG plugin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Site address: http://www.braverock.com/gpg
SquirrelMail plugin page: http://www.squirrelmail.org/plugin_view.php?id=153

1 issue - Deletion of files writable by web server user

SquirrelMail GPG plugin allows end users to delete or overwrite files
writable by web server user. In default SquirrelMail 1.4.3-1.4.8 setups

[ MDVSA-2010:125 ] firefox

 2722298eb7ba47339864172a7de7104a  mes5/SRPMS/xulrunner-1.9.2.4-0.1mdvmes5.1.src.rpm
 c78e19759ce9deb123b9161460297e57  mes5/SRPMS/yelp-2.24.0-3.17mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:116 ] perl

 c04288530931d3cb200c96f7812b8076  2010.0/x86_64/perl-suid-5.10.1-3.1mdv2010.0.x86_64.rpm 
 7d8419885965a965539d8c989004032e  2010.0/SRPMS/perl-5.10.1-3.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:107 ] mysql

 25d9feae874449ba4b49abd1ffad7c3f  mes5/x86_64/mysql-ndb-tools-5.0.89-0.4mdvmes5.1.x86_64.rpm 
 d3f4a1eb37c2f8686a8fb91d3d0ab9d3  mes5/SRPMS/mysql-5.0.89-0.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:108 ] kolab-horde-framework

 4b53826eac6ad882a138f67e8a0ca946  2010.0/x86_64/kolab-horde-framework-2.1.0-5.1mdv2010.0.noarch.rpm 
 829ef8be2547981a93127bde83d2749c  2010.0/SRPMS/kolab-horde-framework-2.1.0-5.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:131 ] iscsitarget

 36bb03a8d5bca8d6adf6d993631cb364  mes5/x86_64/iscsitarget-0.4.16-4.1mdvmes5.1.x86_64.rpm 
 dfc510968e9217ce959ab1d4e2e592ce  mes5/SRPMS/iscsitarget-0.4.16-4.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:121 ] pango

 4dd5ce363b7eaa068cab0c387cc23230  mes5/x86_64/pango-doc-1.22.0-1.2mdvmes5.1.x86_64.rpm 
 6425231a4d3181a952f1f5d16551ccd9  mes5/SRPMS/pango-1.22.0-1.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:102 ] ghostscript

 726fe6f338a3f4db537d99f14abc6d81  mes5/x86_64/lib64ijs1-devel-0.35-62.4mdvmes5.1.x86_64.rpm 
 0bca27a00704c2ac8896caaba43aa8cb  mes5/SRPMS/ghostscript-8.63-62.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:082-1 ] clamav

 a30754b6315274b7ee8536312950ba2a  2009.0/x86_64/lib64clamav-devel-0.96-0.1mdv2009.0.x86_64.rpm 
 72dccb903ebd1b09db844f8e5a75a8a2  2009.0/SRPMS/clamav-0.96-0.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:122 ] fastjar

 3148e7eb8d655ec4740d6bc3f2cef9b6  corporate/4.0/x86_64/libstdc++6-static-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm 
 f418034fdacecb6bc1b7726e56a447dc  corporate/4.0/SRPMS/gcc-4.0.1-5.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:120 ] squirrelmail

 148237802efc38b9b791cde3fe1a156a  mes5/x86_64/squirrelmail-zh_TW-1.4.19-2.3mdvmes5.1.noarch.rpm 
 f9fbf5d0238d86243633831df6b1bea2  mes5/SRPMS/squirrelmail-1.4.19-2.3mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:128 ] lftp

 26f7432fb7542a7f0eaecea1b947e47d  mes5/x86_64/lib64lftp-devel-3.7.4-1.1mdvmes5.1.x86_64.rpm 
 5d46343519e5e1a495ed1d7980527dd6  mes5/SRPMS/lftp-3.7.4-1.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:093 ] mysql

 7e38f7400e1c96fbb5e24520ab554b4b  2010.0/x86_64/mysql-ndb-tools-5.1.42-0.3mdv2010.0.x86_64.rpm 
 04afccfb76f0f88375f9dc6598584f9b  2010.0/SRPMS/mysql-5.1.42-0.3mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:108 ] kolab-horde-framework

 4b53826eac6ad882a138f67e8a0ca946  2010.0/x86_64/kolab-horde-framework-2.1.0-5.1mdv2010.0.noarch.rpm 
 829ef8be2547981a93127bde83d2749c  2010.0/SRPMS/kolab-horde-framework-2.1.0-5.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:077 ] nss_db

 aaf70dc135560db8ccd17831154ce259  mes5/x86_64/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.x86_64.rpm 
 194e4cab894286ce36793880ac889db5  mes5/SRPMS/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:092 ] cacti

 ec13040e7536fb994b1b3126cdd21daa  mes5/x86_64/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm 
 3d72b27fdf373d02a966292cd543fe76  mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:115 ] perl

 04bfa6b5384b173164912fc4adad9459  mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm 
 72247c85df7d57f488f9792eb88d2b3d  mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:091 ] openoffice.org

 2233be6e329907471dbaa9ae7ae37de4  mes5/SRPMS/openoffice.org-3.1.1-0.5mdvmes5.1.src.rpm
 a1b70b42eff0bf26168c09b81efb687b  mes5/SRPMS/vigra-1.5.0-3.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:123 ] libneon0.27

 6eeb40b8bb60ee6e4d173aa0fcbbd865  2010.0/x86_64/lib64neon0.27-static-devel-0.29.0-1.3mdv2010.0.x86_64.rpm 
 4827e973606dbfcda4ea705f5a170599  2010.0/SRPMS/libneon0.27-0.29.0-1.3mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:106 ] aria2

 bd717edf887ab38d2e05e0b407eaa6bb  mes5/x86_64/aria2-0.15.3-0.20080918.3.2mdvmes5.1.x86_64.rpm 
 378aa9a1713fe97bf4ad025b38a68c3b  mes5/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:117 ] cacti

 2c7396c682f13d1bb2bb64ee1da5bf31  mes5/x86_64/cacti-0.8.7e-11.2mdvmes5.1.noarch.rpm 
 e227dce4f0cb120ab103f895ac62a2ca  mes5/SRPMS/cacti-0.8.7e-11.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:126 ] mozilla-thunderbird

 ea13f752be6439db8e9f61a8dd1d26d0  2010.0/SRPMS/mozilla-thunderbird-enigmail-l10n-3.0.5-0.1mdv2010.0.src.rpm
 2149ee8d6d2fc7d49b2aa5335b6d8022  2010.0/SRPMS/mozilla-thunderbird-l10n-3.0.5-0.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:098 ] kdenetwork4

 ead54496e1e61f46b01dd9232f1f84b5  2010.0/x86_64/lib64oscar1-4.3.5-0.5mdv2010.0.x86_64.rpm 
 70abe2b7bb98cf2116009efcefd5786c  2010.0/SRPMS/kdenetwork4-4.3.5-0.5mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:130 ] heimdal

 9dc269e3c28fbccd6485173aa1838245  mes5/x86_64/heimdal-workstation-1.2-4.1mdvmes5.1.x86_64.rpm 
 d41ca60ee0f8980f1b0ff2e4c0eff949  mes5/SRPMS/heimdal-1.2-4.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:090-1 ] samba

 b9628165fe466ece2a0f335026c2feeb  2010.0/x86_64/tdb-utils-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm 
 b7504617214cb1034a29580b2b697593  2010.0/SRPMS/samba4-4.0.0-0.4.alpha8.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:129 ] heimdal

 889807bdaa224a44c9d63eb03f66738b  corporate/4.0/x86_64/heimdal-workstation-0.7.2-8.2.20060mlcs4.x86_64.rpm 
 0e185a5ad5f4c522c39c02991f220313  corporate/4.0/SRPMS/heimdal-0.7.2-8.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:099 ] wireshark

 45a0c1e7597283105216f4a722d32854  mes5/x86_64/wireshark-tools-1.0.13-0.1mdvmes5.1.x86_64.rpm 
 355ce77e75e6cf4f2f86e0824aeb81a2  mes5/SRPMS/wireshark-1.0.13-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:089 ] gnutls

 c314b0a81f8054f66904de9f0d834fe7  corporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.6.20060mlcs4.x86_64.rpm 
 218de7295416f13d1b2ca306ede3563e  corporate/4.0/SRPMS/gnutls-1.0.25-2.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

[ MDVSA-2010:113 ] wireshark

 34cd72cad36e3fae9fcf3006cf19c22d  mes5/x86_64/wireshark-tools-1.0.14-0.1mdvmes5.1.x86_64.rpm 
 81416ee15a5923e20aee9e523532b858  mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

Next Page>>

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!