openSUSE Security Update : gpg2 (openSUSE-2015-886)

Medium Nessus Plugin ID 87392


The remote openSUSE host is missing a security update.


The gpg2 package was updated to fix the following security and non security issues :

- CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089).

- CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090).

- bsc#955753: Fixed a regression of 'gpg --recv' due to keyserver import filter (also boo#952347).


Update the affected gpg2 packages.

See Also

Plugin Details

Severity: Medium

ID: 87392

File Name: openSUSE-2015-886.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2015/12/16

Modified: 2015/12/16

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gpg2, p-cpe:/a:novell:opensuse:gpg2-debuginfo, p-cpe:/a:novell:opensuse:gpg2-debugsource, p-cpe:/a:novell:opensuse:gpg2-lang, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/12/10

Reference Information

CVE: CVE-2015-1606, CVE-2015-1607