Mandriva Update For Gnupg MDKSA-2007:059 (gnupg) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection. GnuPG 1.4.7 is being provided with this update and GPGME has been patched on Mandriva 2007.0 to provide better visual notification on these types of forgeries.

Affected

gnupg on Mandriva Linux 2006.0, Mandriva Linux 2006.0/X86_64, Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64

Severity

Classification

CVE CVE-2007-1263
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:032 (kernel)
Mandrake Security Advisory MDVSA-2009:004 (pam_mount)

Mandriva Update for gnupg MDKSA-2007:059 (gnupg)

Take action and discover your vulnerabilities