Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)
Medium Nessus Plugin ID 17334
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionThe OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption.
The updated packages have been patched to disable the quick check for all public key-encrypted messages and files.
SolutionUpdate the affected gnupg package.