Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: gnupg2 on SL5.x, SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Thursday 24th October 2013 16:49:52 UTC (over 3 years ago)
Synopsis:          Moderate: gnupg2 security update
Advisory ID:       SLSA-2013:1459-1
Issue Date:        2013-10-24
CVE Numbers:       CVE-2012-6085
                   CVE-2013-4351
                   CVE-2013-4402
--

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick
a local user into importing a specially crafted public key into their
keyring database, causing the keyring to be corrupted and preventing its
further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)
--

SL5
  x86_64
    gnupg2-2.0.10-6.el5_10.x86_64.rpm
    gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm
  i386
    gnupg2-2.0.10-6.el5_10.i386.rpm
    gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm
SL6
  x86_64
    gnupg2-2.0.14-6.el6_4.x86_64.rpm
    gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
    gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm
  i386
    gnupg2-2.0.14-6.el6_4.i686.rpm
    gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
    gnupg2-smime-2.0.14-6.el6_4.i686.rpm

- Scientific Linux Development Team
 
CD: 3ms