Ubuntu: Security Advisory (USN-7412-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2015-0359 Updated gnupg packages fix security vulnerabilities

Updated gnupg and gnupg2 packages fix security vulnerabilities: Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting i...

USN-2554-1 gnupg, gnupg2 vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. CVE-2014-3591 Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was...

MGASA-2015-0104 Updated gnupg and libgcrypt packages fix security vulnerabilities

GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak CVE-2014-3591. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak...

Request Tracker 3.x < 3.8.15 / 4.x < 4.0.8 Multiple Vulnerabilities

According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.x prior to 3.8.15 or version 4.x prior to 4.0.8. It is, therefore, potentially affected by the following vulnerabilities : - Users can inject arbitrary...

SuSE-SA:2003:048: gpg

The remote host is missing the patch for the advisory SuSE-SA:2003:048 gpg. The gnupg the SUSE package is named gpg package is the most widely used software for cryptographic encryption/decryption of data. Two independent errors have been found in gpg GnuPG packages as shipped with SUSE products:...

CVE-2001-0072

gpg aka GnuPG 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust...

[SECURITY] [DSA-010-1] two gpg problems

Package : gnupg Problem type : cheating with detached signatures, circumvention of web of trust Debian-specific: no Two bugs in GnuPG have recently been found: 1. false positives when verifying detached signatures - ----------------------------------------------------- There is a problem in the w...