
Test ID: 1.3.6.1.4.1.25623.1.1.10.2013.0299
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2013-0299)
Summary: The remote host is missing an update for the 'gnupg2' package(s) announced via the MGASA-2013-0299 advisory.
Description:
Summary:
The remote host is missing an update for the 'gnupg2' package(s) announced via the MGASA-2013-0299 advisory.

Vulnerability Insight:
Updated gnupg2 package fixes security vulnerabilities:

RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys
with a 'key flags' packet that indicates the capabilities of the key. These
are represented as a set of binary flags, including things like 'This key may
be used to encrypt communications.' If a key or subkey has this 'key flags'
subpacket attached with all bits cleared (off), GnuPG currently treats the key
as having all bits set (on). While keys with this sort of marker are very rare
in the wild, GnuPG's misinterpretation of this subpacket could lead to a
breach of confidentiality or a mistaken identity verification (CVE-2013-4351).

Specially crafted input data may be used to cause a denial of service against
GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages
ad infinitum (CVE-2013-4402).

Affected Software/OS:
'gnupg2' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-4351
DSA-2773
http://www.debian.org/security/2013/dsa-2773
DSA-2774
http://www.debian.org/security/2013/dsa-2774
RHSA-2013:1459
http://rhn.redhat.com/errata/RHSA-2013-1459.html
USN-1987-1
http://ubuntu.com/usn/usn-1987-1
[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted
http://www.openwall.com/lists/oss-security/2013/09/13/4
http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
https://bugzilla.redhat.com/show_bug.cgi?id=1010137
openSUSE-SU-2013:1526
http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html
openSUSE-SU-2013:1532
http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4402
Debian Security Information: DSA-2773
Debian Security Information: DSA-2774
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
RedHat Security Advisories: RHSA-2013:1459
SuSE Security Announcement: openSUSE-SU-2013:1546
http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html
SuSE Security Announcement: openSUSE-SU-2013:1552
http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html
http://www.ubuntu.com/usn/USN-1987-1
Copyright: Copyright (C) 2022 Greenbone AG
