Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:176

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50982

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:176

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:176.

The GNU Privacy Guard (GnuPG) is a utility for encrypting data and
creating digital signatures.

When evaluating trust values for the UIDs assigned to a given key,
GnuPG versions earlier than 1.2.2 would incorrectly associate the trust
value of the UID having the highest trust value with every UID assigned to
this key. This would prevent an expected warning message from being generated.

All users are advised to upgrade to these errata packages which include an
update to GnuPG 1.0.7 containing patches from the GnuPG
development team to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-176.html
http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 7497
Common Vulnerability Exposure (CVE) ID: CVE-2003-0255
http://www.securityfocus.com/bid/7497
Bugtraq: 20030504 Key validity bug in GnuPG 1.2.1 and earlier (Google Search)
http://marc.info/?l=bugtraq&m=105215110111174&w=2
Bugtraq: 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg) (Google Search)
http://marc.info/?l=bugtraq&m=105311804129104&w=2
Bugtraq: 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04) (Google Search)
http://marc.info/?l=bugtraq&m=105362224514081&w=2
CERT/CC vulnerability note: VU#397604
http://www.kb.cert.org/vuls/id/397604
Conectiva Linux advisory: CLA-2003:694
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
En Garde Linux Advisory: 20030515-016
http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
En Garde Linux Advisory: ESA-20030515-016
http://marc.info/?l=bugtraq&m=105301357425157&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
http://www.osvdb.org/4947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135
http://www.redhat.com/support/errata/RHSA-2003-175.html
http://www.redhat.com/support/errata/RHSA-2003-176.html
SCO Security Bulletin: CSSA-2003-034.0
TurboLinux Advisory: TLSA200334
http://www.turbolinux.com/security/TLSA-2003-34.txt
XForce ISS Database: gnupg-invalid-key-acceptance(11930)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11930

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50982
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:176
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:176. The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID having the highest trust value with every UID assigned to this key. This would prevent an expected warning message from being generated. All users are advised to upgrade to these errata packages which include an update to GnuPG 1.0.7 containing patches from the GnuPG development team to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-176.html http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 7497 Common Vulnerability Exposure (CVE) ID: CVE-2003-0255 http://www.securityfocus.com/bid/7497 Bugtraq: 20030504 Key validity bug in GnuPG 1.2.1 and earlier (Google Search) http://marc.info/?l=bugtraq&m=105215110111174&w=2 Bugtraq: 20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg) (Google Search) http://marc.info/?l=bugtraq&m=105311804129104&w=2 Bugtraq: 20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04) (Google Search) http://marc.info/?l=bugtraq&m=105362224514081&w=2 CERT/CC vulnerability note: VU#397604 http://www.kb.cert.org/vuls/id/397604 Conectiva Linux advisory: CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694 En Garde Linux Advisory: 20030515-016 http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html En Garde Linux Advisory: ESA-20030515-016 http://marc.info/?l=bugtraq&m=105301357425157&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:061 http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html http://www.osvdb.org/4947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135 http://www.redhat.com/support/errata/RHSA-2003-175.html http://www.redhat.com/support/errata/RHSA-2003-176.html SCO Security Bulletin: CSSA-2003-034.0 TurboLinux Advisory: TLSA200334 http://www.turbolinux.com/security/TLSA-2003-34.txt XForce ISS Database: gnupg-invalid-key-acceptance(11930) https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com