ArchLinux: 201604-11: pgpdump: denial of service
Summary
When pgpdump is run on specially crafted input, a denial of service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. This can be abused in scenarios where users can supply input to pgpdump, e.g. in http://www.pgpdump.net/.
Resolution
Upgrade to 0.30-1.
# pacman -Syu "pgpdump>=0.30-1"
The problem has been fixed upstream in version 0.30.
References
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021
Workaround
None.