Slackware Advisory SSA:2003-141-04 GnuPG Key Validation Fix Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2003-141-04.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-141-04

Insight

A key validation bug which results in all user IDs on a given key being treated with the validity of the most-valid user ID on that key has been fixed with the release of GnuPG 1.2.2. We recommend sites using GnuPG upgrade to this new package. For detailed information about the problem, see this page: http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2005-172-01 sudo
Slackware Advisory SSA:2004-266-01 CUPS DoS
Slackware Advisory SSA:2005-203-03 zlib
Slackware Advisory SSA:2006-357-04 koffice
Slackware Advisory SSA:2006-310-01 bind

Slackware Advisory SSA:2003-141-04 GnuPG key validation fix

Take action and discover your vulnerabilities