Test ID:	1.3.6.1.4.1.25623.1.0.51437
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:694
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:694. GnuPG[1] is a OpenPGP-compliant tool for secure communication used to, for example, sign emails, encrypt, decrypt and verify (signed) data. During the development of GnuPG 1.2.2, a bug has been found in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. In this situation, GnuPG would not emit a warning when a low trust ID is used for encryption if that key also contains a trusted enough ID. Keys with only one ID are not affected by this problem. For Conectiva Linux 7.0 and 8, the GnuPG package has been updated to version 1.0.7 and includes a fix provided by the authors[2]. GnuPG in Conectiva Linux 9 does not need a version upgrade and includes the same patch. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gnupg.org/ http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0255 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.