SuSE9 Security Update : gpg (YOU Patch Number 11464)

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

When printing a text stream with a GPG signature it was possible for
an attacker to create a stream with 'unsigned text, signed text' where
both unsigned and signed text would be shown without distinction which
one was signed and which part wasn't.

This is tracked by the Mitre CVE ID CVE-2007-1263.

The update introduces a new option --allow-multiple-messages to print
out such messages in the future, by default it only prints and handles
the first one.

See also :

http://support.novell.com/security/cve/CVE-2007-1263.html

Solution :

Apply YOU patch number 11464.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 41120 ()

Bugtraq ID:

CVE ID: CVE-2007-1263

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now