Test ID:	1.3.6.1.4.1.25623.1.0.68200
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-970-1 (gnupg2)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnupg2 announced via advisory USN-970-1. Details follow: It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: gpgsm 2.0.7-1ubuntu0.1 Ubuntu 9.04: gpgsm 2.0.9-3.1ubuntu0.1 Ubuntu 9.10: gpgsm 2.0.12-0ubuntu2.1 Ubuntu 10.04 LTS: gpgsm 2.0.14-1ubuntu1.2 In general, a standard system update will make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-970-1 Risk factor : High CVSS Score: 5.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2547 1024247 http://www.securitytracker.com/id?1024247 38877 http://secunia.com/advisories/38877 40718 http://secunia.com/advisories/40718 40841 http://secunia.com/advisories/40841 41945 http://www.securityfocus.com/bid/41945 ADV-2010-1931 http://www.vupen.com/english/advisories/2010/1931 ADV-2010-1950 http://www.vupen.com/english/advisories/2010/1950 ADV-2010-1988 http://www.vupen.com/english/advisories/2010/1988 ADV-2010-2217 http://www.vupen.com/english/advisories/2010/2217 ADV-2010-3125 http://www.vupen.com/english/advisories/2010/3125 DSA-2076 http://www.debian.org/security/2010/dsa-2076 FEDORA-2010-11413 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html MDVSA-2010:143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:143 SSA:2010-240-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008 SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html [gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076 https://issues.rpath.com/browse/RPL-3229
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.