Rapid7 Vulnerability & Exploit Database

RHSA-2003:176: gnupg security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/27/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/12/2017

Description

Updated gnupg packages are now available which correct a bug in the GnuPG key validation functions.

The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID having the highest trust value with every UID assigned to this key. This would prevent an expected warning message from being generated. All users are advised to upgrade to these errata packages which include an update to GnuPG 1.0.7 containing patches from the GnuPG development team to correct this issue.

Solution(s)

  • redhat-upgrade-gnupg
