|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:061: gnupg Vulnerability Scan
Vulnerability Scan Summary Check for the version of the gnupg package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:061 (gnupg).
A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates
trust values for different UIDs assigned to a key, it would incorrectly
associate the trust value of the UID with the highest trust value with every
other UID assigned to that key. This prevents a warning message from being given
when attempting to encrypt to an invalid UID, but due to the bug, is accepted as
valid.
Patches have been applied for version 1.0.7 and all users are encouraged to
upgrade.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:061
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|