Debian alert DSA-2968-1 (gnupg2)
| From: | Salvatore Bonaccorso <carnil@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 2968-1] gnupg2 security update | |
| Date: | Fri, 27 Jun 2014 08:14:38 +0000 | |
| Message-ID: | <E1X0RIs-0000AY-Dh@master.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2968-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso June 27, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gnupg2 CVE ID : CVE-2014-4617 Debian Bug : 752498 Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. For the stable distribution (wheezy), this problem has been fixed in version 2.0.19-2+deb7u2. For the testing distribution (jessie), this problem has been fixed in version 2.0.24-1. For the unstable distribution (sid), this problem has been fixed in version 2.0.24-1. We recommend that you upgrade your gnupg2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTrSUZAAoJEAVMuPMTQ89ExOEP/1Ycmnphx4Quq4BvlIFM8EbR vhH2tfBSUr4VAgik2AkGKOUTaci6qJLrs9Sf4lGnjobTXFn8+BitNiO3AFn2wIq1 eIqosXZxUflNquCvSyfxjid8MuJk7DOzSca8QENlTQfDKk+5LpWGfKM1I2dKSvOh Q4KTfcQU6nM17Epczj6eAUDqGdX+I5qPBJLTD5Cc+t9eOy2Erdaj+NWUc/lBDjgo oQDw/ytZLzI5AwJoc1dAtQR0pEbNlBXrGOs9p1+8VdZ4V7cNjkPJLtsHZj0d+M8o 0/4IsKQEM4Fzu4nrjTiiLDpf2+tYqHMtst9AzY0Hf1gaZAGA0Sdx5Kvts5zBSfz8 WbiKTZvvLqgkWUOdxqIf9/tT6tbr8vkuNPdtcBnvyIM8fb4MiXcBBbhG03fTgvpr f776rjk6Y3IWHp0RhNBn8Lep4YGExzyoKikTqUjQoHcMGVhCBtcAfTnLlCKc8IVz UPyp0gzv1GTrMeZq8riyLckBpBMTf0i8bEncK/0buyBwDevjdFGSUoBh+hsqtktV dUYNTLpSJoqAAbWCqytiPQ7A6VP5IyuXmUcn1vIFTV9gGFsChpIJFQ/Y298X6xM6 u+Z7NhZjcrvfGy+I7Hcv1q1tHQszdvPJZc46dFBKhpupKA+swvg3iG4FbTxNPOH1 kk6B9YFnYI+Nq2zzcyAr =7fez -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1X0RIs-0000AY-Dh@master.debian....