Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2019-2393)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2019.2393

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2019-2393)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'gnupg2' package(s) announced via the EulerOS-SA-2019-2393 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'gnupg2' package(s) announced via the EulerOS-SA-2019-2393 advisory.

Vulnerability Insight:
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.(CVE-2018-9234)

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(CVE-2014-4617)

Affected Software/OS:
'gnupg2' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-4617
Debian Security Information: DSA-2967 (Google Search)
http://www.debian.org/security/2014/dsa-2967
Debian Security Information: DSA-2968 (Google Search)
http://www.debian.org/security/2014/dsa-2968
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
http://secunia.com/advisories/59213
http://secunia.com/advisories/59351
http://secunia.com/advisories/59534
http://secunia.com/advisories/59578
SuSE Security Announcement: openSUSE-SU-2014:0866 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html
http://www.ubuntu.com/usn/USN-2258-1
Common Vulnerability Exposure (CVE) ID: CVE-2018-9234
https://dev.gnupg.org/T3844
https://usn.ubuntu.com/3675-1/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2019.2393
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2019-2393)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'gnupg2' package(s) announced via the EulerOS-SA-2019-2393 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'gnupg2' package(s) announced via the EulerOS-SA-2019-2393 advisory. Vulnerability Insight: GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.(CVE-2018-9234) The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(CVE-2014-4617) Affected Software/OS: 'gnupg2' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4617 Debian Security Information: DSA-2967 (Google Search) http://www.debian.org/security/2014/dsa-2967 Debian Security Information: DSA-2968 (Google Search) http://www.debian.org/security/2014/dsa-2968 http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html http://secunia.com/advisories/59213 http://secunia.com/advisories/59351 http://secunia.com/advisories/59534 http://secunia.com/advisories/59578 SuSE Security Announcement: openSUSE-SU-2014:0866 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html http://www.ubuntu.com/usn/USN-2258-1 Common Vulnerability Exposure (CVE) ID: CVE-2018-9234 https://dev.gnupg.org/T3844 https://usn.ubuntu.com/3675-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH