Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:143 (gnupg2)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.68260
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:143 (gnupg2)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to gnupg2 announced via advisory MDVSA-2010:143. A vulnerability has been discovered and corrected in gnupg2: Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigning the reallocated array to the old array variable and thus the old and freed array will be used. Usually this leads to a segv (CVE-2010-2547). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:143 http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html Risk factor : High CVSS Score: 5.1
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2547 1024247 http://www.securitytracker.com/id?1024247 38877 http://secunia.com/advisories/38877 40718 http://secunia.com/advisories/40718 40841 http://secunia.com/advisories/40841 41945 http://www.securityfocus.com/bid/41945 ADV-2010-1931 http://www.vupen.com/english/advisories/2010/1931 ADV-2010-1950 http://www.vupen.com/english/advisories/2010/1950 ADV-2010-1988 http://www.vupen.com/english/advisories/2010/1988 ADV-2010-2217 http://www.vupen.com/english/advisories/2010/2217 ADV-2010-3125 http://www.vupen.com/english/advisories/2010/3125 DSA-2076 http://www.debian.org/security/2010/dsa-2076 FEDORA-2010-11413 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html MDVSA-2010:143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:143 SSA:2010-240-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008 SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html [gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076 https://issues.rpath.com/browse/RPL-3229
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com