Advisories » MGASA-2015-0359

Updated gnupg packages fix security vulnerabilities

Publication date: 13 Sep 2015
Modification date: 13 Sep 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1606 , CVE-2015-1607

Description

Updated gnupg and gnupg2 packages fix security vulnerabilities:

Hanno Böck discovered that GnuPG incorrectly handled certain malformed
keyrings. If a user or automated system were tricked into opening a
malformed keyring, a remote attacker could use this issue to cause GnuPG to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-1606, CVE-2015-1607).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15483
• http://www.ubuntu.com/usn/usn-2554-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607

SRPMS

4/core

• gnupg-1.4.16-1.3.mga4
• gnupg2-2.0.22-3.2.mga4