| Description: | Summary:
The remote host is missing an update for the 'gnupg' package(s) announced via the SSA:2006-340-01 advisory.
Vulnerability Insight:
New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and 11.0 to fix security issues.
More details about the issues may be found here:
[links moved to references]
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
bug in earlier versions of gnupg. All gnupg users should update to the
new packages as soon as possible. For details, see the information
concerning CVE-2006-6235 posted on lists.gnupg.org:
[link moved to references]
The CVE entry for this issue may be found here:
[link moved to references]
This update also addresses a more minor security issue possibly
exploitable when GnuPG is used in interactive mode. For more information
about that issue, see:
[link moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'gnupg' package(s) on Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
