David Shaw

**Name of the Vulnerable Software and Affected Versions** GnuPG versions prior to 1.2.2 Red Hat Linux (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the GnuPG package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The key validation code in GnuPG does not properly determine the validity of keys with multiple user IDs, assigning the greatest validity of the most valid user ID. This prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. **Recommendations** For GnuPG versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. For Red Hat Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.