RHBA-2010:0513 - Bug Fix Advisory

Topic

An updated gnupg package that fixes a bug is now available.

Description

GnuPG is a utility for encrypting data and creating digital signatures.

This package addresses the following bug:

• compressed, old-style Modification Detection Code (MDC) packets do not

include length information and the decompressor uses an implicit end point.
In some circumstances (message length was likely the determining
circumstance) this could result in more bytes being supplied to the
decompressor than were needed. This resulted in GnuPG failing to decrypt
the file and returning an error as follows:

gpg: [don't know]: invalid packet (ctb=14)

With this update, the packet parsing was changed: MDC packets are now
decoded independently and are no longer passed to the packet parser that
lead to the errors. (BZ#592845).

GnuPG users should upgrade to this updated package, which resolves this
issue.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 602669 - gpg invalid packet error decrypting certain files

CVEs

(none)

References

(none)