Summary
The remote host is missing an update to gnupg2 announced via advisory DSA 2076-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202076-1
Insight
It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
For the stable distribution (lenny), this problem has been fixed in version 2.0.9-3.1+lenny1.
For the unstable distribution (sid), this problem has been fixed in version 2.0.14-2.
GnuPG 1 (in the gnupg package) is not affected by this problem.
We recommend that you upgrade your gnupg2 packages.
Severity
Classification
CVE: CVE-2010-2547
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities