openSUSE 10 Security Update : gpg (gpg-2995)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

When printing a text stream with a GPG signature it was possible for
an attacker to create a stream with 'unsigned text, signed text' where
both unsigned and signed text would be shown without distinction which
one was signed and which part wasn't.

This is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option

--allow-multiple-messages to print out such messages in the future, by
default it only prints and handles the first one.

Solution :

Update the affected gpg package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27248 ()

Bugtraq ID:

CVE ID: CVE-2007-1263

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now