Ubuntu Update For Gnupg2, Gpgme1.0 Vulnerability USN-432-2 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-432-2

Solution

Please Install the Updated Packages.

Insight

USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Original advisory details: Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

Affected

gnupg2, gpgme1.0 vulnerability on Ubuntu 6.06 LTS , Ubuntu 6.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000503.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1263
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for apache2 USN-2152-1
Ubuntu Update for apt USN-2353-1
Ubuntu Update for acpi-support USN-2297-1
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for cinder USN-2405-1

Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2

Take action and discover your vulnerabilities