Test Kennung:	1.3.6.1.4.1.25623.1.0.51437
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2003:694
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2003:694. GnuPG[1] is a OpenPGP-compliant tool for secure communication used to, for example, sign emails, encrypt, decrypt and verify (signed) data. During the development of GnuPG 1.2.2, a bug has been found in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. In this situation, GnuPG would not emit a warning when a low trust ID is used for encryption if that key also contains a trusted enough ID. Keys with only one ID are not affected by this problem. For Conectiva Linux 7.0 and 8, the GnuPG package has been updated to version 1.0.7 and includes a fix provided by the authors[2]. GnuPG in Conectiva Linux 9 does not need a version upgrade and includes the same patch. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gnupg.org/ http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0255 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.