Test ID:	1.3.6.1.4.1.25623.1.0.123541
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2013-1459)
Summary:	The remote host is missing an update for the 'gnupg2' package(s) announced via the ELSA-2013-1459 advisory.
Description:	Summary: The remote host is missing an update for the 'gnupg2' package(s) announced via the ELSA-2013-1459 advisory. Vulnerability Insight: [2.0.14-6] - fix CVE-2013-4351 gpg treats no-usage-permitted keys as all-usages-permitted [2.0.14-5] - fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation - fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser Affected Software/OS: 'gnupg2' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6085 57102 http://www.securityfocus.com/bid/57102 FEDORA-2013-0148 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html FEDORA-2013-0377 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html MDVSA-2013:001 http://www.mandriva.com/security/advisories?name=MDVSA-2013:001 RHSA-2013:1459 http://rhn.redhat.com/errata/RHSA-2013-1459.html USN-1682-1 http://www.ubuntu.com/usn/USN-1682-1 [oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption http://www.openwall.com/lists/oss-security/2013/01/01/6 gnupg-public-keys-code-exec(80990) https://exchange.xforce.ibmcloud.com/vulnerabilities/80990 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 https://bugs.g10code.com/gnupg/issue1455 https://bugzilla.redhat.com/show_bug.cgi?id=891142 Common Vulnerability Exposure (CVE) ID: CVE-2013-4351 DSA-2773 http://www.debian.org/security/2013/dsa-2773 DSA-2774 http://www.debian.org/security/2013/dsa-2774 USN-1987-1 http://ubuntu.com/usn/usn-1987-1 [oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted http://www.openwall.com/lists/oss-security/2013/09/13/4 http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138 https://bugzilla.redhat.com/show_bug.cgi?id=1010137 openSUSE-SU-2013:1526 http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html openSUSE-SU-2013:1532 http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4402 Debian Security Information: DSA-2773 (Google Search) Debian Security Information: DSA-2774 (Google Search) http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html RedHat Security Advisories: RHSA-2013:1459 SuSE Security Announcement: openSUSE-SU-2013:1546 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html SuSE Security Announcement: openSUSE-SU-2013:1552 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html http://www.ubuntu.com/usn/USN-1987-1
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.