RHEL 2.1 / 3 / 4 : gnupg (RHSA-2006:0266)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated GnuPG package that fixes signature verification flaws as
well as minor bugs is now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital
signatures.

Tavis Ormandy discovered a bug in the way GnuPG verifies
cryptographically signed data with detached signatures. It is possible
for an attacker to construct a cryptographically signed message which
could appear to come from a third party. When a victim processes a
GnuPG message with a malformed detached signature, GnuPG ignores the
malformed signature, processes and outputs the signed data, and exits
with status 0, just as it would if the signature had been valid. In
this case, GnuPG's exit status would not indicate that no signature
verification had taken place. This issue would primarily be of concern
when processing GnuPG results via an automated script. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0455
to this issue.

Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is possible
for an attacker to inject unsigned data into a signed message in such
a way that when a victim processes the message to recover the data,
the unsigned data is output along with the signed data, gaining the
appearance of having been signed. This issue is mitigated in the GnuPG
shipped with Red Hat Enterprise Linux as the --ignore-crc-error option
must be passed to the gpg executable for this attack to be successful.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0049 to this issue.

Please note that neither of these issues affect the way RPM or up2date
verify RPM package files, nor is RPM vulnerable to either of these
issues.

All users of GnuPG are advised to upgrade to this updated package,
which contains backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2006-0049.html
https://www.redhat.com/security/data/cve/CVE-2006-0455.html
http://rhn.redhat.com/errata/RHSA-2006-0266.html

Solution :

Update the affected gnupg package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 21090 ()

Bugtraq ID:

CVE ID: CVE-2006-0049
CVE-2006-0455