Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)

Medium Nessus Plugin ID 61873


The remote Mandrake Linux host is missing a security update.


When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned data, GnuPG will not warn the user if the detached signature is incorrect.


Update the affected gnupg package.

Plugin Details

Severity: Medium

ID: 61873

File Name: mandrake_MDKSA-2000-087.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/12/20

Reference Information

CVE: CVE-2001-0071, CVE-2001-0072

MDKSA: 2000:087