Family: Ubuntu Local Security Checks --> Category: infos
USN264-1 : gnupg vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The remote package "gnupg" is missing a security patch.
Tavis Ormandy discovered a flaw in gnupg's signature verification. In
some cases, certain invalid signature formats could cause gpg to
report a 'good signature' result for auxiliary unsigned data which was
prepended or appended to the checked message part.
Upgrade to :
- gnupg-1.4.1-1ubuntu1.2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.