This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of
introductions with certain patterns that introduce a side channel,
which allows physically proximate attackers to extract RSA keys via a
chosen-ciphertext attack and acoustic cryptanalysis during decryption.
NOTE: applications are not typically expected to protect themselves
from acoustic side-channel attacks, since this is arguably the
responsibility of the physical device. Accordingly, issues of this
type would not normally receive a CVE identifier. However, for this
issue, the developer has specified a security policy in which GnuPG
should offer side-channel resistance, and developer-specified
security-policy violations are within the scope of CVE.
See also :
Run 'yum update gnupg' to update your system.
Risk factor :
Low / CVSS Base Score : 2.1