MDVSA-2013:001
- Nom du paquet
- gnupg
- Date
- 2013-01-02
- Advisory ID
- MDVSA-2013:001
- Affected versions
- MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64
Problem description
A vulnerability has been found and corrected in gnupg:
Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations
and public keyring database corruption when importing public keys
that have been manipulated. An OpenPGP key can be fuzzed in such a
way that gpg segfaults (or has other memory access violations) when
importing the key (CVE-2012-6085).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
87cf2d237da632f3238cadd38df047a9 mes5/i586/gnupg-1.4.9-5.1mdvmes5.2.i586.rpm b403c6bb18eb638bb55de58b4e643537 mes5/i586/gnupg2-2.0.9-3.2mdvmes5.2.i586.rpm 8a02c74da7cd60b3367c823c58a9f4f6 mes5/SRPMS/gnupg-1.4.9-5.1mdvmes5.2.src.rpm 14456c77033667a50acc0454f9a4b1fc mes5/SRPMS/gnupg2-2.0.9-3.2mdvmes5.2.src.rpm
2011 i586
b8e6c5c3a7f6a15b92bff451f836b458 2011/i586/gnupg-1.4.11-2.1-mdv2011.0.i586.rpm 584675a7e67f88f9c9ca32f1de09d668 2011/i586/gnupg2-2.0.18-1.1-mdv2011.0.i586.rpm 6e9756f40aba0d27a6c6253fcd6eefa8 2011/SRPMS/gnupg-1.4.11-2.1.src.rpm ee36fe03cc16a6f2082469646a41cd7b 2011/SRPMS/gnupg2-2.0.18-1.1.src.rpm
MES5 x86_64
fdade2d1f0e52a24cb25a92f38f0541f mes5/x86_64/gnupg-1.4.9-5.1mdvmes5.2.x86_64.rpm e9cbaef434f1c2366c9481c4ea81fb71 mes5/x86_64/gnupg2-2.0.9-3.2mdvmes5.2.x86_64.rpm 8a02c74da7cd60b3367c823c58a9f4f6 mes5/SRPMS/gnupg-1.4.9-5.1mdvmes5.2.src.rpm 14456c77033667a50acc0454f9a4b1fc mes5/SRPMS/gnupg2-2.0.9-3.2mdvmes5.2.src.rpm
2011 x86_64
3ec09c0d350970b4f28bfa1a27210f7a 2011/x86_64/gnupg-1.4.11-2.1-mdv2011.0.x86_64.rpm 193a7293fb3768d76919fa23b9a2e5f9 2011/x86_64/gnupg2-2.0.18-1.1-mdv2011.0.x86_64.rpm 6e9756f40aba0d27a6c6253fcd6eefa8 2011/SRPMS/gnupg-1.4.11-2.1.src.rpm ee36fe03cc16a6f2082469646a41cd7b 2011/SRPMS/gnupg2-2.0.18-1.1.src.rpm