Ubuntu Update For Gnupg Vulnerability USN-432-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-432-1

Solution

Please Install the Updated Packages.

Insight

Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

Affected

gnupg vulnerability on Ubuntu 5.10 , Ubuntu 6.06 LTS , Ubuntu 6.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000498.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1263
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for bind9 vulnerability USN-491-1
Ubuntu Update for clamav vulnerabilities USN-945-1
Ubuntu Update for bind9 USN-1139-1
Ubuntu Update for dovecot USN-1295-1
Ubuntu Update for cups, cupsys vulnerabilities USN-906-1

Ubuntu Update for gnupg vulnerability USN-432-1

Take action and discover your vulnerabilities