SuSE 10 Security Update : gpg (ZYPP Patch Number 2994)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

When printing a text stream with a GPG signature it was possible for
an attacker to create a stream with 'unsigned text, signed text' where
both unsigned and signed text would be shown without distinction which
one was signed and which part wasn't.

This is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option

-allow-multiple-messages to print out such messages in the future, by
default it only prints and handles the first one.

See also :

Solution :

Apply ZYPP patch number 2994.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 29450 ()

Bugtraq ID:

CVE ID: CVE-2007-1263

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now