RHEL 2.1 : gnupg (RHSA-2003:176)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated gnupg packages are now available which correct a bug in the
GnuPG key validation functions.

The GNU Privacy Guard (GnuPG) is a utility for encrypting data and
creating digital signatures.

When evaluating trust values for the UIDs assigned to a given key,
GnuPG versions earlier than 1.2.2 would incorrectly associate the
trust value of the UID having the highest trust value with every UID
assigned to this key. This would prevent an expected warning message
from being generated.

All users are advised to upgrade to these errata packages which
include an update to GnuPG 1.0.7 containing patches from the GnuPG
development team to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0255.html
http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html
http://rhn.redhat.com/errata/RHSA-2003-176.html

Solution :

Update the affected gnupg package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12396 ()

Bugtraq ID:

CVE ID: CVE-2003-0255