34 matches found
Debian: Security Advisory (DLA-39-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
SUSE CVE-2014-3564
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."...
[SECURITY] Fedora 27 Update: libgpg-error-1.31-1.fc27
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future...
Gnupg2 'sm/gpgsm.c' Double Free Denial of Service Vulnerability
GnuPG is a Python module that allows, from a Python program, to conveniently use the key management, encryption and signing features of GnuPG. A denial of service vulnerability exists in Gnupg2 'sm/gpgsm.c', which can be exploited by an attacker to launch a denial of service attack...
SuSE 11.3 Security Update : gpgme (SAT Patch Number 9644)
This gpgme update fixes the following security issue: - Fix possible overflow in gpgsm and uiserver engines CVE-2014-3564. bnc890123 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The tex...
DLA-39-1 gpgme1.0 - security update
Bulletin has no description...
FreeBSD : gpgme -- heap-based buffer overflow in gpgsm status handler (90ca3ba5-19e6-11e4-8616-001b3856973b)
Tomas Trnka reports: Gpgme contains a buffer overflow in the gpgsm status handler that could possibly be exploited using a specially crafted certificate. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...
gpgme -- heap-based buffer overflow in gpgsm status handler
Tomas Trnka reports: Gpgme contains a buffer overflow in the gpgsm status handler that could possibly be exploited using a specially crafted certificate...
Scientific Linux Security Update : gnupg2 on SL5.x i386/x86_64
A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute...
Gentoo Security Advisory GLSA 201110-15 (GnuPG)
The remote host is missing updates announced in advisory GLSA 201110-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GnuPG: User-assisted execution of arbitrary code
Background: The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. The GPGSM utility in GnuPG is responsible for processing X.509 certificates, signatures and encryption as well as S/MIME messages. Description: The GPGSM utility in GnuPG contains a...
CentOS Update for gnupg2 CESA-2010:0603 centos5 i386
Check for the Version of gnupg2 OpenVAS Vulnerability Test CentOS Update for gnupg2 CESA-2010:0603 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Ubuntu Update for gnupg2 vulnerability USN-970-1
Ubuntu Update for Linux kernel vulnerabilities USN-970-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9701.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for gnupg2 vulnerability USN-970-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-970-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CentOS 5 : gnupg2 (CESA-2010:0603)
An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
gnupg2 security update
CentOS Errata and Security Advisory CESA-2010:0603: An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
RedHat Update for gnupg2 RHSA-2010:0603-01
Check for the Version of gnupg2 OpenVAS Vulnerability Test RedHat Update for gnupg2 RHSA-2010:0603-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
CVE-2010-2547
GnuPG 2.x is affected by CVE-2010-2547: a use-after-free in gpgsm/kbx-blob.c when importing or verifying a certificate with a large number of Subject Alternative Names can be exploited to crash the process or possibly execute arbitrary code. Impact is a denial of service with potential remote cod...