Test ID:	1.3.6.1.4.1.25623.1.0.56427
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-264-1 (gnupg)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnupg announced via advisory USN-264-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: gnupg Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part. Solution: The problem can be corrected by upgrading the affected package to version 1.2.4-4ubuntu2.3 (for Ubuntu 4.10), 1.2.5-3ubuntu5.3 (for Ubuntu 5.04), or 1.4.1-1ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-264-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 17058 Common Vulnerability Exposure (CVE) ID: CVE-2006-0049 http://www.securityfocus.com/bid/17058 Bugtraq: 20060309 GnuPG does not detect injection of unsigned data (Google Search) http://www.securityfocus.com/archive/1/427324/100/0/threaded Debian Security Information: DSA-993 (Google Search) http://www.debian.org/security/2006/dsa-993 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html http://www.securityfocus.com/archive/1/433931/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:055 http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html http://www.osvdb.org/23790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063 http://www.redhat.com/support/errata/RHSA-2006-0266.html http://securitytracker.com/id?1015749 http://secunia.com/advisories/19173 http://secunia.com/advisories/19197 http://secunia.com/advisories/19203 http://secunia.com/advisories/19231 http://secunia.com/advisories/19232 http://secunia.com/advisories/19234 http://secunia.com/advisories/19244 http://secunia.com/advisories/19249 http://secunia.com/advisories/19287 http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477 http://securityreason.com/securityalert/450 http://securityreason.com/securityalert/568 SuSE Security Announcement: SUSE-SA:2006:014 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html http://www.trustix.org/errata/2006/0014 https://usn.ubuntu.com/264-1/ http://www.vupen.com/english/advisories/2006/0915 XForce ISS Database: gnupg-nondetached-sig-verification(25184) https://exchange.xforce.ibmcloud.com/vulnerabilities/25184
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.