Advisories » MGASA-2014-0276

Updated gnupg & gnupg2 packages fixes CVE-2014-4617

Publication date: 27 Jun 2014
Modification date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4617

Description

Updated gnupg and gnupg2 packages fix security vulnerability:

GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of
service which can be caused by garbled compressed data packets which
may put gpg into an infinite loop (CVE-2014-4617).
                

References

• http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
• http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
• http://openwall.com/lists/oss-security/2014/06/24/14
• https://bugs.mageia.org/show_bug.cgi?id=13590
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617

SRPMS

3/core

• gnupg-1.4.14-1.3.mga3
• gnupg2-2.0.19-3.3.mga3

4/core

• gnupg-1.4.16-1.1.mga4
• gnupg2-2.0.22-3.1.mga4