Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Scientific Linux: SLSA-2023:1587-2 Moderate: openssl Denial Of Service

Scientific Large Esm H446
Moderate: gnupg2 security update
Date: Thu, 24 Oct 2013 16:49:52 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: gnupg2 on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: gnupg2 security update
Advisory ID: SLSA-2013:1459-1
Issue Date: 2013-10-24
CVE Numbers: CVE-2012-6085
 CVE-2013-4351
 CVE-2013-4402
--

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick
a local user into importing a specially crafted public key into their
keyring database, causing the keyring to be corrupted and preventing its
further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)
--

SL5
 x86_64
 gnupg2-2.0.10-6.el5_10.x86_64.rpm
 gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm
 i386
 gnupg2-2.0.10-6.el5_10.i386.rpm
 gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm
SL6
 x86_64
 gnupg2-2.0.14-6.el6_4.x86_64.rpm
 gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
 gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm
 i386
 gnupg2-2.0.14-6.el6_4.i686.rpm
 gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
 gnupg2-smime-2.0.14-6.el6_4.i686.rpm

- Scientific Linux Development Team