20 matches found
MiracleLinux 8 : gnupg2-2.2.20-2.el8 (AXSA:2021-1082:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1082:01 advisory. GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS CVE-2019-13050 Tenable has...
RHEL 5 : gnupg (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...
USN-5431-1: GnuPG vulnerability | Cloud Foundry
usn-5431-1 Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run sud...
Ubuntu 18.04 LTS : GnuPG vulnerability (USN-5431-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5431-1 advisory. It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of...
AlmaLinux 8 : gnupg2 (ALSA-2020:4490)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Informatio...
SUSE: Security Advisory (SUSE-SU-2019:2006-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : gnupg2 (ELSA-2020-4490)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4490 advisory. 2.2.20-2 - fixes for issues found in Coverity scan 2.2.20-1 - upgrade to 2.2.20 Tenable has extracted the preceding description block directly from the Oracle...
Moderate: Red Hat Security Advisory: gnupg2 security, bug fix, and enhancement update
An update for gnupg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 8 : gnupg2 (RHSA-2020:4490)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4490 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standard...
ALSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update
The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 2.2.20. BZ1663944 Security Fixes: GnuPG: interaction between the sks-keyserv...
Moderate: gnupg2 security, bug fix, and enhancement update
The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 2.2.20. BZ1663944 Security Fixes: GnuPG: interaction between the sks-keyserv...
EulerOS Virtualization for ARM 64 3.0.6.0 : gnupg2 (EulerOS-SA-2020-1358)
According to the version of the gnupg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1358)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1153)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2019:2480-1 Security update for gpg2
This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. bsc1141093 Non-security issue fixed: - Allow coredumps in X11 desktop sessions bsc1124847...
Photon OS 2.0: Gnupg PHSA-2019-2.0-0171
An update of the gnupg package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid128717...
Photon OS 1.0: Gnupg PHSA-2019-1.0-0246
An update of the gnupg package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0246. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid128168...
openSUSE: Security Advisory for gpg2 (openSUSE-SU-2019:1917-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2019:2006-1 Security update for gpg2
This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys bsc1141093. Non-security issue fixed: - Allow coredumps in X11 desktop sessions bsc1124847...
CVE-2019-13050
CVE-2019-13050: Describes a DoS risk arising from the interaction between SKS keyserver network code (through SKS 1.2.0) and GNU Privacy Guard (GnuPG) up to 2.2.16, where a keyserver host reference on the SKS network may trigger a Certificate Spamming Attack leading to a persistent denial-of-serv...