Detections
Analytics

Mandriva Linux Security Advisory : gnupg (MDVSA-2013:247)

medium Nessus Plugin ID 70383

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been discovered and corrected in gnupg :

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey (CVE-2013-4351).

Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum (CVE-2013-4402).

The updated packages have been patched to correct this issue.

Solution

Update the affected gnupg and / or gnupg2 packages.

See Also

http://advisories.mageia.org/MGASA-2013-0299.html

http://advisories.mageia.org/MGASA-2013-0303.html

http://lists.gnu.org/archive/html/info-gnu/2013-10/msg00002.html

http://lists.gnu.org/archive/html/info-gnu/2013-10/msg00003.html

Plugin Details

Severity: Medium

ID: 70383

File Name: mandriva_MDVSA-2013-247.nasl

Version: 1.5

Type: local

Published: 10/11/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gnupg, p-cpe:/a:mandriva:linux:gnupg2, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 10/10/2013

Reference Information

CVE: CVE-2013-4351, CVE-2013-4402

MDVSA: 2013:247