Rapid7 Vulnerability & Exploit Database

RHSA-2003:175: Updated gnupg packages fix validation bug


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/27/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated gnupg packages correcting a bug in the GnuPG key validation functions are now available.

The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for the different UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly apply the highest trust value found among that key's UIDs to every UID assigned to the key. This would prevent an expected warning message from being generated.

All users are advised to upgrade to these errata packages, which include patches from the GnuPG development team that correct this issue for GnuPG versions 1.0.7 and 1.2.1. This update also upgrades Red Hat Linux 7.1, 7.2, and 7.3 users to GnuPG version 1.0.7.
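To see which keys in a keyring the behaviour described above would have affected, a defender can look for keys whose UIDs differ in validity. The following is an added example, not code from the advisory, Red Hat or GnuPG; it assumes the `gpg --list-keys --with-colons` record layout of current GnuPG (field 2 = validity, field 5 = key ID on `pub`, field 10 = user ID on `uid`), and the listing, key IDs and names are constructed.

```python
# Added example: find keys whose user IDs have differing validity.
# Assumption: input is `gpg --list-keys --with-colons` output from a fixed GnuPG.

# Validity letters ranked low to high; revoked/expired/invalid UIDs are skipped.
RANK = {"-": 0, "o": 0, "q": 0, "n": 0, "m": 1, "f": 2, "u": 3}

# Constructed sample listing (not real keys).
SAMPLE = """\
pub:f:1024:17:AAAAAAAAAAAAAAAA:1050000000:::-:::scESC:
uid:f::::1050000000::HASH1::Alice Example <alice@example.org>:
uid:-::::1050000100::HASH2::Alice Example <alice@other.example>:
sub:f:1024:16:CCCCCCCCCCCCCCCC:1050000000::::::e:
pub:f:1024:17:BBBBBBBBBBBBBBBB:1050000000:::-:::scESC:
uid:f::::1050000000::HASH3::Bob Example <bob@example.org>:
"""


def mixed_validity_keys(listing):
    """Return {keyid: [(validity, uid), ...]} for keys whose UIDs differ in validity."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            current = f[4]
            keys[current] = []
        elif f[0] == "uid" and current and len(f) > 9 and f[1] in RANK:
            # User IDs are kept as listed; gpg's \x3a escaping is not decoded here.
            keys[current].append((f[1], f[9]))
    return {k: u for k, u in keys.items() if len({RANK[v] for v, _ in u}) > 1}


def masked_uids(uids):
    """UIDs below the key's highest validity: the ones whose warning was lost."""
    top = max(RANK[v] for v, _ in uids)
    return [uid for v, uid in uids if RANK[v] < top]


if __name__ == "__main__":
    for keyid, uids in mixed_validity_keys(SAMPLE).items():
        print(keyid, "review these UIDs:", masked_uids(uids))
```
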

Solution(s)

  • redhat-upgrade-gnupg
