oval:org.mitre.oval:def:25338
Definition Id: oval:org.mitre.oval:def:25338 | |||
Oval ID: | oval:org.mitre.oval:def:25338 | ||
Title: | SUSE-SU-2014:0750-1 -- Security update for gpg2 | ||
Description: | This is a SLES 11 SP1 LTSS rollup update for gpg2. The following security issues have been fixed: * CVE-2013-4402: The compressed packet parser in GnuPG allowed remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. * CVE-2013-4351: GnuPG treated a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might have allowed remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. * CVE-2012-6085: The read_block function in g10/import.c in GnuPG, when importing a key, allowed remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. Also the following non-security bugs have been fixed: * set the umask before opening a file for writing (bnc#780943) * select proper ciphers when running in FIPS mode (bnc#808958) * add missing options to opts table (bnc#778723) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0750-1 CVE-2013-4402 CVE-2013-4351 CVE-2012-6085 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | gpg2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17270 | |||
Oval ID: | oval:org.mitre.oval:def:17270 | ||
Title: | SUSE Linux Enterprise Server 11.x is installed | ||
Description: | SUSE Linux Enterprise Server 11.x is installed. | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:novell:suse_linux:11::server | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:25338 |