Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:1578-1)
Summary:The remote host is missing an update for the 'gpg' package(s) announced via the SUSE-SU-2013:1578-1 advisory.
The remote host is missing an update for the 'gpg' package(s) announced via the SUSE-SU-2013:1578-1 advisory.

Vulnerability Insight:
This GnuPG LTSS roll-up update fixes two security issues:

* CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted.
* CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed.
* CVE-2013-4242: GnuPG allowed local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
* CVE-2012-6085: The read_block function in g10/import.c in GnuPG 1.4.x, when importing a key, allowed remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

We also fixed a permission issue on opening new files

Security Issues:

* CVE-2013-4351

Affected Software/OS:
'gpg' package(s) on SUSE Linux Enterprise Server 10 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-6085
BugTraq ID: 57102
RedHat Security Advisories: RHSA-2013:1459
XForce ISS Database: gnupg-public-keys-code-exec(80990)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4242
BugTraq ID: 61464
CERT/CC vulnerability note: VU#976534
Debian Security Information: DSA-2730 (Google Search)
Debian Security Information: DSA-2731 (Google Search)
RedHat Security Advisories: RHSA-2013:1457
SuSE Security Announcement: openSUSE-SU-2013:1294 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4351
Debian Security Information: DSA-2773 (Google Search)
Debian Security Information: DSA-2774 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1526 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1532 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4402
SuSE Security Announcement: openSUSE-SU-2013:1546 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1552 (Google Search)
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.