EUVD-2015-1738

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-1607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote...

SUSE CVE-2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service invalid read and use-after-free via a crafted keyring file...

EulerOS Virtualization for ARM 64 3.0.2.0 : gnupg2 (EulerOS-SA-2020-1563)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwis...

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1563)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2020-1489)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to...

EulerOS 2.0 SP5 : gnupg2 (EulerOS-SA-2020-1104)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allow...

CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

DEBIAN-CVE-2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service invalid read and use-after-free via a crafted keyring file...

Design/Logic Flaw

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

CVE-2015-1607

Technical details of CVE-2015-1607 are not provided in the connected documents. The Initial Description mentions GNUPG but lacks vendor/product/version specifics beyond that. Monitor for updates.

CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

ceph-deploy: keyring permissions are world readable in ~ceph

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

ceph-deploy: keyring permissions are world readable in ~ceph

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

PYSEC-2015-2

ceph-deploy before 1.5.23 uses weak permissions 644 for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

RHEL 6 / 7 : ceph-deploy (RHSA-2015:1092)

An updated ceph-deploy package that fixes two security issues is now available for Red Hat Ceph Storage. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

Moderate: Red Hat Security Advisory: ceph-deploy security update

An updated ceph-deploy package that fixes two security issues is now available for Red Hat Ceph Storage. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...