Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)

Critical Nessus Plugin ID 14044


The remote Mandrake Linux host is missing a security update.


A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.

Patches have been applied for version 1.0.7 and all users are encouraged to upgrade.


Update the affected gnupg package.

See Also

Plugin Details

Severity: Critical

ID: 14044

File Name: mandrake_MDKSA-2003-061.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/05/22

Reference Information

CVE: CVE-2003-0255

MDKSA: 2003:061