Package name
gnupg
Date
2013-04-05
Advisory ID
MDVSA-2013:001-1
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been found and corrected in gnupg:

Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations
and public keyring database corruption when importing public keys
that have been manipulated. An OpenPGP key can be fuzzed in such a
way that gpg segfaults (or has other memory access violations) when
importing the key (CVE-2012-6085).

The updated packages have been patched to correct this issue.

Update:

Packages for Mandriva Business Server 1 is being provided.

Updated packages

MBS1 x86_64

 f1a5a0d27ff3bb19a18a999b9c70f76f  mbs1/x86_64/gnupg-1.4.12-2.1.mbs1.x86_64.rpm
 fef5da791d47bff01ed91a2345dc1bc3  mbs1/x86_64/gnupg2-2.0.18-2.1.mbs1.x86_64.rpm 
 ab83e4b619d9ba23f89ec48a61a17562  mbs1/SRPMS/gnupg-1.4.12-2.1.mbs1.src.rpm
 965885ac281cc2c73240e12d1e50a412  mbs1/SRPMS/gnupg2-2.0.18-2.1.mbs1.src.rpm

References