SCIENTIFIC-LINUX-ERRATA Archives

October 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: gnupg2 on SL5.x, SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 24 Oct 2013 16:49:52 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (43 lines) 
Synopsis:          Moderate: gnupg2 security update
Advisory ID:       SLSA-2013:1459-1
Issue Date:        2013-10-24
CVE Numbers:       CVE-2012-6085
                   CVE-2013-4351
                   CVE-2013-4402
--

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick
a local user into importing a specially crafted public key into their
keyring database, causing the keyring to be corrupted and preventing its
further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)
--

SL5
  x86_64
    gnupg2-2.0.10-6.el5_10.x86_64.rpm
    gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm
  i386
    gnupg2-2.0.10-6.el5_10.i386.rpm
    gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm
SL6
  x86_64
    gnupg2-2.0.14-6.el6_4.x86_64.rpm
    gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
    gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm
  i386
    gnupg2-2.0.14-6.el6_4.i686.rpm
    gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
    gnupg2-smime-2.0.14-6.el6_4.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2