Synopsis: Moderate: gnupg2 security update
Advisory ID: SLSA-2013:1459-1
Issue Date: 2013-10-24
CVE Numbers: CVE-2012-6085
CVE-2013-4351
CVE-2013-4402
—
A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)
It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick
a local user into importing a specially crafted public key into their
keyring database, causing the keyring to be corrupted and preventing its
further use. (CVE-2012-6085)
It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)
—
SL5
x86_64
gnupg2-2.0.10-6.el5_10.x86_64.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm
i386
gnupg2-2.0.10-6.el5_10.i386.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm
SL6
x86_64
gnupg2-2.0.14-6.el6_4.x86_64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm
i386
gnupg2-2.0.14-6.el6_4.i686.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
gnupg2-smime-2.0.14-6.el6_4.i686.rpm
– Scientific Linux Development Team
