Phong Nguyen identified a severe bug in the way GnuPG creates anduses ElGamal keys, when those keys are used both to sign and encryptdata. This vulnerability can be used to trivially recover theprivate key.
Comment
XBoard 4.2.6 and older contains a script which writes to a file in /tmp with a predictable filename. Malicious users could use this vulnerability to force XBoard users to overwrite any file writableby them.
A heap overflow bug exists in rsync versions prior to 2.5.7. Onmachines where the rsync server has been enabled, a remote attackercould use this flaw to execute arbitrary code as an unprivileged user.
This release also includes an updated RHNS-CA-CERT file, which contains an additional CA certificate. This is needed so that up2date can continue to communicate with Red Hat Network once the current CA certificate reaches its August 2003 expiration date.
A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place an .lv file in any directory to which they have write access.