SB2013112631 - Cryptographic issues in gnupg (Alpine package)
Published: November 26, 2013
Description
This security bulletin contains information about 1 security vulnerability.
1) Cryptographic issues (CVE-ID: CVE-2013-4351)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
GnuPG 1.4.x, 2.0.x, and 2.1.x treat a key flags subpacket with all bits cleared (no usage permitted) as if it had all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
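The logic error described above, modelled as an added example (not GnuPG's source code): a parser that uses 0 for both "no key flags subpacket" and "subpacket present with every bit cleared", next to one that keeps the two cases apart. The function names, the internal `USE_*` mask and the permissive default for an absent subpacket are assumptions made for illustration; the flag octet values are those defined in RFC 4880.

```c
#include <stddef.h>
#include <stdio.h>

/* Key flags octet values from RFC 4880 (signature subpacket type 27). */
#define KF_CERTIFY  0x01
#define KF_SIGN     0x02
#define KF_ENC_COMM 0x04
#define KF_ENC_STOR 0x08
#define KF_AUTH     0x20

/* Hypothetical internal usage mask for this example. */
#define USE_CERT 1u
#define USE_SIG  2u
#define USE_ENC  4u
#define USE_AUTH 8u
#define USE_ALL  (USE_CERT | USE_SIG | USE_ENC | USE_AUTH)

/* Translate the first key flags octet into the internal mask. */
static unsigned map_flags(const unsigned char *body, size_t len)
{
    unsigned use = 0;
    if (body && len) {
        if (body[0] & KF_CERTIFY) use |= USE_CERT;
        if (body[0] & KF_SIGN) use |= USE_SIG;
        if (body[0] & (KF_ENC_COMM | KF_ENC_STOR)) use |= USE_ENC;
        if (body[0] & KF_AUTH) use |= USE_AUTH;
    }
    return use;
}

/* Flawed: 0 stands for both "subpacket absent" and "no usage permitted". */
unsigned usage_flawed(const unsigned char *body, size_t len)
{
    unsigned use = map_flags(body, len);
    return use ? use : USE_ALL;
}

/* Corrected: only an absent subpacket (body == NULL) gets the default. */
unsigned usage_fixed(const unsigned char *body, size_t len)
{
    return body ? map_flags(body, len) : USE_ALL;
}

int main(void)
{
    const unsigned char cleared[] = { 0x00 };  /* constructed sample */
    printf("flawed=0x%x fixed=0x%x\n", usage_flawed(cleared, 1), usage_fixed(cleared, 1));
    return 0;
}
```

The corrected variant fails closed: a subpacket that is present but grants nothing yields an empty usage mask, so callers checking for signing or encryption capability reject the key.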
Remediation
Install the update from the vendor's website.