Oval Definition:
oval:com.ubuntu.trusty:def:20189234000
Revision Date
:
2018-04-03
Version
:
1
Title
:
CVE-2018-9234 on Ubuntu 14.04 LTS (trusty) - low.
Description
:
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2018-9234
Platform(s)
:
Ubuntu 14.04 LTS
Product(s)
:
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed.
AND
Package Information
NOT
While related to the CVE in some way, the 'gnupg' package in trusty is not affected.
OR
NOT
While related to the CVE in some way, the 'gnupg2' package in trusty is not affected (note: '2.0.22-3ubuntu1.3').
BACK