|
Family: Ubuntu Local Security Checks --> Category: infos
USN264-1 : gnupg vulnerability Vulnerability Scan
Vulnerability Scan Summary gnupg vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "gnupg" is missing a security patch.
Description :
Tavis Ormandy discovered a flaw in gnupg's signature verification. In
some cases, certain invalid signature formats could cause gpg to
report a 'good signature' result for auxiliary unsigned data which was
prepended or appended to the checked message part.
Solution :
Upgrade to :
- gnupg-1.4.1-1ubuntu1.2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|