Release Notes for PGP Desktop Security 6.5.3 for Windows 95/98, Windows NT, and Windows 2000 Copyright (c) 1990-2000 by Networks Associates Technology, Inc., and its Affiliated Companies. All Rights Reserved. ---------------------------------------------- - HOTFIX 1 - ---------------------------------------------- Thank you for using Network Associates' products. This What's New file contains important information regarding this HotFix release. Network Associates strongly recommends that you read this entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. Warning: Export of this software may be restricted by the U.S. Government. ___________________ WHAT'S IN THIS FILE - The Purpose of this HotFix - What this HotFix Does - Files Included with this HotFix - Installation - Contacting Network Associates - Copyright and Trademark Attributions __________________________ THE PURPOSE OF THIS HOTFIX This HotFix corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys. For more information about this bug, please review the PGP ADK Security Advisory available on www.pgp.com. _____________________ WHAT THIS HOTFIX DOES * PGP Desktop Security * For PGP Desktop Security, this HotFix installs an updated PGP_SDK.DLL, which requires that ADK and other subpackets be within the hashed portion of the self-signature subpacket. This new .DLL ignores any signatures containing the unhashed subpackets described in the advisory. * PGP Command Line * For PGP Command Line (included with PGP Desktop Security), this HotFix supplies a new PGP.EXE file. The updated PGP.EXE file requires that ADK and other subpackets be within the hashed portion of the self-signature subpacket. This new .EXE ignores any signatures containing the unhashed subpackets described in the advisory. _______________________________ FILES INCLUDED WITH THIS HOTFIX This HotFix consists of the following files: PGP_SDK.DLL = PGP core cryptographic library. Provides the HotFix for PGP Desktop Security. PGP.EXE = PGP Command Line executable. Provides the HotFix for PGP Command Line. HOTFIX.TXT = (This file.) ____________ INSTALLATION To install this HotFix, follow the steps below. * PGP Desktop Security * Installing this HotFix is a manual process in which you replace the existing PGP_SDK.DLL file on your machine with the one included in this HotFix. 1. Close all running applications. 2 Replace the old PGP_SDK.DLL on your machine with the PGP_SDK.DLL included with this HotFix. This file can typically be found in one of the following directories: On Windows 95/98: C:\windows\system On Windows NT/2000: C:\winnt\system32 Note: If you get an error message telling you that the file is 'locked' or 'in use,' you must restart your computer and then perform step 2. 3. To complete the installation of the HotFix, restart your computer. * PGP Command Line * Installing this HotFix is a manual process in which you replace the existing PGP.EXE file on your machine with the one included in this HotFix. 1. Close all running applications. 2 Replace the old PGP.EXE on your machine with the PGP.EXE included with this HotFix. (This file can typically be found in C:\Program Files\Network Associates\PGPNT\) Note: If you get an error message telling you that the file is 'locked' or 'in use,' you must restart your computer and then perform step 2. 3. To complete the installation of the HotFix, restart your computer. * REMOVING THIS HOTFIX * To remove this HotFix from your computer, reinstall your original PGP 6.5.3 software. NOTE: Network Associates recommends that you do NOT remove the HotFix file from your PGP installation once you have installed it. If you reinstall your PGP 6.5.3 product, Network Associates recommends that you also reinstall this HotFix. _____________________________ CONTACTING NETWORK ASSOCIATES You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the addresses or phone numbers listed below. Contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at: Network Associates Customer Service 4099 McEwen Road, Suite 500 Dallas, Texas 75244 Contact information for corporate-licensed customers: Phone: (972) 308-9960 Email: services_corporate_division@nai.com Web: http://support.nai.com Contact information for retail licensed customers: Phone: (972) 308-9960 Email: cust_care@nai.com Web: http://www.pgp.com Send correspondence to the following Network Associates location: Network Associates Corporate Headquarters 3965 Freedom Circle McCandless Towers Santa Clara, CA 95054 Or, you can receive online assistance through any of the following resources: 1. World Wide Web: http://support.nai.com 2. Telephone technical support Corporate-licensed customers: (972) 308-9960 Contact Network Associates Customer Service for information about technical support subscription plans. Retail-licensed customers: (972) 855-7044 To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call: - Program name and version number - Computer brand and model - Any additional hardware or peripherals connected to your computer - Operating system type and version numbers - Network name, operating system, and version - Network card installed, where applicable - Modem manufacturer, model, and bits-per- second rate, where applicable - Relevant browsers or applications and their version numbers, where applicable - How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions - Information needed to contact you by voice, fax, or email *FOR PRODUCT UPGRADES* Network Associates has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for Network Associates software. To find a reseller near your location, see the RESELLER.TXT file located on your product CD-ROM or installed on your hard disk. For assistance in locating a local reseller, you can also contact Network Associates Customer Service at (972) 308-9960. *FOR REPORTING PROBLEMS* Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered appears in the Known Issues section of this README.TXT file, Network Associates is already aware of the problem, and you need not report it. If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates or one of its resellers with your suggestions or concerns. *FOR ON-SITE TRAINING INFORMATION* Contact Network Associates Customer Service at (800) 338-8754. ____________________________________ COPYRIGHT AND TRADEMARK ATTRIBUTIONS Copyright (c) 1999 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. * TRADEMARKS * * ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. * LICENSE AGREEMENT * NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST, LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.