GLSA-200503-29 : GnuPG: OpenPGP protocol attack
Medium Nessus Plugin ID 17616
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200503-29 (GnuPG: OpenPGP protocol attack).
A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol.
An automated system using GnuPG that allows an attacker to repeatedly discover the outcome of an integrity check (perhaps by observing the time required to return a response, or via overly verbose error messages) could theoretically reveal a small portion of plaintext.
There is no known workaround at this time.
Solution
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-crypt/gnupg-1.4.1'