What Are You Looking For?

Sign Up
=========================================================================Ubuntu Security Notice USN-2258-1
June 26, 2014

gnupg, gnupg2 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GnuPG could be made to hang if it processed a specially crafted message.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that
GnuPG incorrectly handled certain OpenPGP messages. If a user or automated
system were tricked into processing a specially-crafted message, GnuPG
could consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  gnupg                           1.4.16-1ubuntu2.1
  gnupg2                          2.0.22-3ubuntu1.1

Ubuntu 13.10:
  gnupg                           1.4.14-1ubuntu2.2
  gnupg2                          2.0.20-1ubuntu3.1

Ubuntu 12.04 LTS:
  gnupg                           1.4.11-3ubuntu2.6
  gnupg2                          2.0.17-2ubuntu2.12.04.4

Ubuntu 10.04 LTS:
  gnupg                           1.4.10-2ubuntu1.6
  gnupg2                          2.0.14-1ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-2258-1
  CVE-2014-4617

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/gnupg/1.4.14-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.20-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.6
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.4
  https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.6
  https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.7

Ubuntu 2258-1: GnuPG vulnerability

June 26, 2014
GnuPG could be made to hang if it processed a specially crafted message.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: gnupg 1.4.16-1ubuntu2.1 gnupg2 2.0.22-3ubuntu1.1 Ubuntu 13.10: gnupg 1.4.14-1ubuntu2.2 gnupg2 2.0.20-1ubuntu3.1 Ubuntu 12.04 LTS: gnupg 1.4.11-3ubuntu2.6 gnupg2 2.0.17-2ubuntu2.12.04.4 Ubuntu 10.04 LTS: gnupg 1.4.10-2ubuntu1.6 gnupg2 2.0.14-1ubuntu1.7 In general, a standard system update will make all the necessary changes.

References

https://www.ubuntu.com/usn/usn-2258-1

CVE-2014-4617

Severity
June 26, 2014

Package Information

https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.1 https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.1 https://launchpad.net/ubuntu/+source/gnupg/1.4.14-1ubuntu2.2 https://launchpad.net/ubuntu/+source/gnupg2/2.0.20-1ubuntu3.1 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.6 https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.4 https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.6 https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.7

Related News

New Money Message Ransomware Attacks Both Windows & Linux Users

Apr 10, 2023

10 Essential Linux Tools for Network and Security Pros

Jan 15, 2023

Delving into Container Security

Dec 14, 2022

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo