Advisories » MGASA-2016-0157

Updated pgpdump packages fix security vulnerability

Publication date: 29 Apr 2016
Modification date: 29 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4021

Description

When pgpdump is run on specially crafted input, a denial of service
condition occurs. The program runs with 100% CPU usage for an indefinite
amount of time. A remote attacker is able to create a specially crafted
input that is leading to CPU resource consumption resulting in denial of
service (CVE-2016-4021).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18262
• https://github.com/kazu-yamamoto/pgpdump/blob/master/CHANGES
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021

SRPMS

5/core

• pgpdump-0.30-1.mga5