ID de Prueba:	1.3.6.1.4.1.25623.1.0.51437
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:694
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:694. GnuPG[1] is a OpenPGP-compliant tool for secure communication used to, for example, sign emails, encrypt, decrypt and verify (signed) data. During the development of GnuPG 1.2.2, a bug has been found in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. In this situation, GnuPG would not emit a warning when a low trust ID is used for encryption if that key also contains a trusted enough ID. Keys with only one ID are not affected by this problem. For Conectiva Linux 7.0 and 8, the GnuPG package has been updated to version 1.0.7 and includes a fix provided by the authors[2]. GnuPG in Conectiva Linux 9 does not need a version upgrade and includes the same patch. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gnupg.org/ http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0255 https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:694 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.