Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

GnuPG gpgsm bug

Published: 2010-07-24
Last Updated: 2010-07-24 06:11:43 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

gpgsm is a tool similar to gpg designed to provide digital encryption and signing services on X.509 certificates and the CMS protocol. There is a bug with this tool when importing a X509 certificate with more than 98 subject alternate names or implicitly while verifying a signature.

Version 2.0.16 is affected and older versions should be affected as well. More information at http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Keywords: gnupg gpgsm X509
0 comment(s)
Diary Archives