Bugtraq mailing list archives
The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
From: Werner Koch <wk () gnupg org>
Date: Fri, 1 Jun 2001 21:23:54 +0200
Hi!

A remark on the recent GnuPG bug and the exploit:

In many cases GnuPG is used as a backend for a MUA or some script. In these cases gpg should be called with the option --batch which suppresses the output of the filename to the tty and thereby makes it immune to the bug.

So, it should be safe to continue using GnuPG from within a MUA. However, I strongly recommend upgrading anyway or just fixing the problem in util/ttyio.c as fish stiqz suggested.

There are minor build problems in GnuPG 1.0.6 when GCC is not used. The missing parenthesis is quite obvious and the other problems are related to gettext. If you encounter such a problem try to use

  ./configure --with-included-gettext && make

and if this also fails, forget about NLS by using

  ./configure --disable-nls && make

BTW, the Windows version is not affected by this bug, but there are probably other problems with this system ;-)

Please send complaints or other comments to <gnupg-users () gnupg org> and NOT by private mail. Thanks.

Ciao,

  Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
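A minimal model of the bug class and of the --batch mitigation discussed in the message above, as an added example that is not GnuPG's code and not part of the original post. The function names, the prompt text and the `batch` flag are assumptions made for illustration; the sample filename is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tty output routine; formats into `out` for inspection. */
static void tty_out(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Builds a prompt (constructed text) that embeds the filename. */
static void build_prompt(char *p, size_t n, const char *filename)
{
    snprintf(p, n, "Enter new filename [%s]: ", filename);
}

/* Vulnerable pattern: the filename-bearing prompt IS the format string. */
void prompt_vulnerable(char *out, size_t n, const char *filename, int batch)
{
    char prompt[256];
    out[0] = '\0';
    if (batch)              /* batch mode: no tty output, path never reached */
        return;
    build_prompt(prompt, sizeof prompt, filename);
    tty_out(out, n, prompt);
}

/* Fixed pattern: constant format string, prompt passed as data. */
void prompt_fixed(char *out, size_t n, const char *filename, int batch)
{
    char prompt[256];
    out[0] = '\0';
    if (batch)
        return;
    build_prompt(prompt, sizeof prompt, filename);
    tty_out(out, n, "%s", prompt);
}

int main(void)
{
    char a[256], b[256];
    const char *name = "a%%b";   /* constructed filename: a, %, %, b */
    prompt_vulnerable(a, sizeof a, name, 0);
    prompt_fixed(b, sizeof b, name, 0);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
}
```

In the vulnerable variant the two percent signs in the filename collapse to one, which shows the filename being parsed as a format string; the fixed variant prints the name unchanged, and with `batch` set neither variant produces tty output.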