The MITRE CVE dictionary describes this issue as:
gpg in GnuPG before 22.214.171.124 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
Red Hat security errata
|Red Hat Enterprise Linux version 2.1 (gnupg)||RHSA-2006:0266||March 15, 2006|
|Red Hat Enterprise Linux version 3 (gnupg)||RHSA-2006:0266||March 15, 2006|
|Red Hat Enterprise Linux version 4 (gnupg)||RHSA-2006:0266||March 15, 2006|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.