Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)

medium Nessus Plugin ID 61873

Language:

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned data, GnuPG will not warn the user if the detached signature is incorrect.

Solution

Update the affected gnupg package.

Plugin Details

Severity: Medium

ID: 61873

File Name: mandrake_MDKSA-2000-087.nasl

Version: 1.6

Type: local

Family: Mandriva Local Security Checks

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/20/2000

Reference Information

CVE: CVE-2001-0071, CVE-2001-0072

MDKSA: 2000:087

Detections

Analytics