|
Family: Debian Local Security Checks --> Category: infos
[DSA993] DSA-993-2 gnupg Vulnerability Scan
Vulnerability Scan Summary DSA-993-2 gnupg
Detailed Explanation for this Vulnerability Test
Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP
replacement, can be tricked to emit a "good signature" status message
when a valid signature is included which does not belong to the data
packet. This update basically adds fixed packages for woody whose
version turned out to be vulnerable as well.
For the old stable distribution (woody) this problem has been fixed in
version 1.0.6-4woody5.
For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-1.sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.2.2-1.
We recommend that you upgrade your gnupg package.
Solution : http://www.debian.org/security/2006/dsa-993
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|