RedHat Update For Gnupg2 RHSA-2010:0603-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially-crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547) All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.

Affected

gnupg2 on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2010-August/msg00008.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2547
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1140
RedHat Update for 389-ds-base RHSA-2013:1182-01
RedHat Security Advisory RHSA-2009:1688
RedHat Security Advisory RHSA-2009:0020
RedHat Security Advisory RHSA-2009:1427

RedHat Update for gnupg2 RHSA-2010:0603-01

Take action and discover your vulnerabilities