SB2019062907 - Denial of service in GnuPG
Published: June 29, 2019
Updated: September 10, 2019
Security Bulletin ID: SB2019062907
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2019-13050)
The vulnerability allows a remote attacker to cause a persistent denial of service (DoS) condition on the target system.
The vulnerability exists because the interaction between the vulnerable applications makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. A remote attacker can retrieve data from this network and cause a persistent denial of service by means of a certificate spamming attack.
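A defender's check for the configuration risk described above, as an added example that is not part of the bulletin or of GnuPG's own code: it scans GnuPG configuration text for `keyserver` lines that point at an SKS pool host. The `sks-keyservers.net` suffix list, the function names and the sample configuration are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlsplit

# Assumption: hosts under these domains belong to the SKS keyserver pool.
# Extend the tuple with any other SKS hosts used in your environment.
SKS_HOST_SUFFIXES = ("sks-keyservers.net",)

# Constructed sample configuration, not taken from the bulletin.
SAMPLE_CONF = """\
# dirmngr.conf (constructed sample)
keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver hkp://pool.sks-keyservers.net
keyserver hkps://keys.example.org:443
  keyserver   POOL.SKS-KEYSERVERS.NET
keyserver-options auto-key-retrieve
"""

def keyserver_host(value):
    """Return the lower-cased host of a keyserver value (URI or bare host)."""
    value = value.strip()
    if "://" not in value:
        value = "hkp://" + value  # bare host: add a scheme so urlsplit finds it
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:            # malformed value, e.g. an unbalanced '['
        return ""

def is_sks_host(host):
    return any(host == s or host.endswith("." + s) for s in SKS_HOST_SUFFIXES)

def audit_conf(text, name="<conf>"):
    """Return (file, line number, host) for each active SKS keyserver line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue              # skip blanks and commented-out options
        m = re.match(r"keyserver\s+(\S+)", line)  # not keyserver-options
        if m and is_sks_host(keyserver_host(m.group(1))):
            findings.append((name, lineno, keyserver_host(m.group(1))))
    return findings

if __name__ == "__main__":
    for path in ("~/.gnupg/gpg.conf", "~/.gnupg/dirmngr.conf"):
        path = os.path.expanduser(path)
        if os.path.exists(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for finding in audit_conf(fh.read(), path):
                    print("%s:%d: keyserver on SKS network: %s" % finding)
```

Run as a script, it reads the default per-user GnuPG configuration files; `audit_conf` can also be called on configuration text collected from other hosts.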
Remediation
Install the update from the vendor's website.