Executive Summary
Summary | |
---|---|
Title | python-gnupg security update |
Informations | |||
---|---|---|---|
Name | DSA-2946 | First vendor Publication | 2014-06-04 |
Vendor | Debian | Last vendor Modification | 2014-06-04 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands. For the stable distribution (wheezy), these problems have been fixed in version 0.3.6-1~deb7u1. For the testing distribution (jessie), these problems have been fixed in version 0.3.6-1. For the unstable distribution (sid), these problems have been fixed in version 0.3.6-1. We recommend that you upgrade your python-gnupg packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-2946 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24804 | |||
Oval ID: | oval:org.mitre.oval:def:24804 | ||
Title: | DSA-2946-1 python-gnupg - security update | ||
Description: | Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2946-1 CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | python-gnupg |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 4 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2946.nasl - Type : ACT_GATHER_INFO |
2014-02-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2103.nasl - Type : ACT_GATHER_INFO |
2014-02-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2140.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-10-26 05:28:13 |
|
2014-06-11 00:25:35 |
|
2014-06-10 00:26:03 |
|
2014-06-06 13:28:14 |
|
2014-06-04 21:21:09 |
|