Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Mandriva Update for gnupg2 MDVSA-2010:143 (gnupg2)

Information

Severity

Severity

Medium

Family

Family

Mandrake Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.1

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

6 years ago

Summary

Check for the Version of gnupg2

Insight

Insight

A vulnerability has been discovered and corrected in gnupg2: Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigning the reallocated array to the old array variable and thus the old and freed array will be used. Usually this leads to a segv (CVE-2010-2547). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp products_id=490 The updated packages have been patched to correct this issue.

Affected Software

Affected Software

gnupg2 on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Solution

Solution

Please Install the Updated Packages.

Common Vulnerabilities and Exposures (CVE)