Debian Security Advisory DSA 429-1 (gnupg) Network Vulnerability

Summary

The remote host is missing an update to gnupg announced via advisory DSA 429-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20429-1

Insight

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. This update disables the use of this type of key. For the current stable distribution (woody) this problem has been fixed in version 1.0.6-4woody1. For the unstable distribution, this problem has been fixed in version 1.2.4-1. We recommend that you update your gnupg package.

Severity

Classification

CVE CVE-2003-0971

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Debian Security Advisory DSA 007-1 (zope)
Debian Security Advisory DSA 041-1 (joe)
Debian Security Advisory DSA 1036-1 (bsdgames)
Debian Security Advisory DSA 094-1 (mailman)
Debian Security Advisory DSA 1110-1 (samba)

Take action and discover your vulnerabilities