Test Kennung:	1.3.6.1.4.1.25623.1.0.50720
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2003:061 (gnupg)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to gnupg announced via advisory MDKSA-2003:061. A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0255 http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html Risk factor : Critical CVSS Score: 10.0
Querverweis:	BugTraq ID: 7497 Common Vulnerability Exposure (CVE) ID: CVE-2003-0255 http://www.securityfocus.com/bid/7497 Bugtraq: 20030504 Key validity bug in GnuPG 1.2.1 and earlier (Google Search) http://marc.info/?l=bugtraq&m=105215110111174&w=2 Bugtraq: 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg) (Google Search) http://marc.info/?l=bugtraq&m=105311804129104&w=2 Bugtraq: 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04) (Google Search) http://marc.info/?l=bugtraq&m=105362224514081&w=2 CERT/CC vulnerability note: VU#397604 http://www.kb.cert.org/vuls/id/397604 Conectiva Linux advisory: CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694 En Garde Linux Advisory: 20030515-016 http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html En Garde Linux Advisory: ESA-20030515-016 http://marc.info/?l=bugtraq&m=105301357425157&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:061 http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html http://www.osvdb.org/4947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135 http://www.redhat.com/support/errata/RHSA-2003-175.html http://www.redhat.com/support/errata/RHSA-2003-176.html SCO Security Bulletin: CSSA-2003-034.0 TurboLinux Advisory: TLSA200334 http://www.turbolinux.com/security/TLSA-2003-34.txt XForce ISS Database: gnupg-invalid-key-acceptance(11930) https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.