Ubuntu Update For Gnupg Vulnerability USN-432-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-432-1

Solution

Please Install the Updated Packages.

Insight

Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

Affected

gnupg vulnerability on Ubuntu 5.10 , Ubuntu 6.06 LTS , Ubuntu 6.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-March/000498.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1263

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for clamav USN-1482-2
Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for bzip2 USN-1308-1
Ubuntu Update for curl USN-2167-1
Ubuntu Update for compiz vulnerability USN-537-2

Ubuntu Update for gnupg vulnerability USN-432-1

Take action and discover your vulnerabilities