Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201110-15 (GnuPG)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70778

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201110-15 (GnuPG)

Resumen: The remote host is missing updates announced in;advisory GLSA 201110-15.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201110-15.

Vulnerability Insight:
The GPGSM utility included in GnuPG contains a use-after-free
vulnerability that may allow an unauthenticated remote attacker to
execute
arbitrary code.

Solution:
All GnuPG 2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-crypt/gnupg-2.0.16-r1'

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2547
1024247
http://www.securitytracker.com/id?1024247
38877
http://secunia.com/advisories/38877
40718
http://secunia.com/advisories/40718
40841
http://secunia.com/advisories/40841
41945
http://www.securityfocus.com/bid/41945
ADV-2010-1931
http://www.vupen.com/english/advisories/2010/1931
ADV-2010-1950
http://www.vupen.com/english/advisories/2010/1950
ADV-2010-1988
http://www.vupen.com/english/advisories/2010/1988
ADV-2010-2217
http://www.vupen.com/english/advisories/2010/2217
ADV-2010-3125
http://www.vupen.com/english/advisories/2010/3125
DSA-2076
http://www.debian.org/security/2010/dsa-2076
FEDORA-2010-11413
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html
MDVSA-2010:143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:143
SSA:2010-240-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008
SUSE-SR:2010:020
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM
http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076
https://issues.rpath.com/browse/RPL-3229

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70778
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201110-15 (GnuPG)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201110-15.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201110-15. Vulnerability Insight: The GPGSM utility included in GnuPG contains a use-after-free vulnerability that may allow an unauthenticated remote attacker to execute arbitrary code. Solution: All GnuPG 2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-crypt/gnupg-2.0.16-r1' CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2547 1024247 http://www.securitytracker.com/id?1024247 38877 http://secunia.com/advisories/38877 40718 http://secunia.com/advisories/40718 40841 http://secunia.com/advisories/40841 41945 http://www.securityfocus.com/bid/41945 ADV-2010-1931 http://www.vupen.com/english/advisories/2010/1931 ADV-2010-1950 http://www.vupen.com/english/advisories/2010/1950 ADV-2010-1988 http://www.vupen.com/english/advisories/2010/1988 ADV-2010-2217 http://www.vupen.com/english/advisories/2010/2217 ADV-2010-3125 http://www.vupen.com/english/advisories/2010/3125 DSA-2076 http://www.debian.org/security/2010/dsa-2076 FEDORA-2010-11413 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html MDVSA-2010:143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:143 SSA:2010-240-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008 SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html [gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076 https://issues.rpath.com/browse/RPL-3229
Copyright	Copyright (C) 2012 E-Soft Inc.