Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-176: gnupg Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the gnupg packages
Detailed Explanation for this Vulnerability Test
Updated gnupg packages are now available which correct a bug in the GnuPG
key validation functions.
The GNU Privacy Guard (GnuPG) is a utility for encrypting data and
creating digital signatures.
When evaluating trust values for the UIDs assigned to a given key,
GnuPG versions earlier than 1.2.2 would incorrectly associate the trust
value of the UID having the highest trust value with every UID assigned to
this key. This would prevent an expected warning message from being
All users are advised to upgrade to these errata packages which include an
update to GnuPG 1.0.7 containing patches from the GnuPG
development team to correct this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2003-176.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.