Package name
gnupg
Date
2013-01-02
Advisory ID
MDVSA-2013:001
Affected versions
MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

A vulnerability has been found and corrected in gnupg:

Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations
and public keyring database corruption when importing public keys
that have been manipulated. An OpenPGP key can be fuzzed in such a
way that gpg segfaults (or has other memory access violations) when
importing the key (CVE-2012-6085).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 87cf2d237da632f3238cadd38df047a9  mes5/i586/gnupg-1.4.9-5.1mdvmes5.2.i586.rpm
 b403c6bb18eb638bb55de58b4e643537  mes5/i586/gnupg2-2.0.9-3.2mdvmes5.2.i586.rpm 
 8a02c74da7cd60b3367c823c58a9f4f6  mes5/SRPMS/gnupg-1.4.9-5.1mdvmes5.2.src.rpm
 14456c77033667a50acc0454f9a4b1fc  mes5/SRPMS/gnupg2-2.0.9-3.2mdvmes5.2.src.rpm

2011 i586

 b8e6c5c3a7f6a15b92bff451f836b458  2011/i586/gnupg-1.4.11-2.1-mdv2011.0.i586.rpm
 584675a7e67f88f9c9ca32f1de09d668  2011/i586/gnupg2-2.0.18-1.1-mdv2011.0.i586.rpm 
 6e9756f40aba0d27a6c6253fcd6eefa8  2011/SRPMS/gnupg-1.4.11-2.1.src.rpm
 ee36fe03cc16a6f2082469646a41cd7b  2011/SRPMS/gnupg2-2.0.18-1.1.src.rpm

MES5 x86_64

 fdade2d1f0e52a24cb25a92f38f0541f  mes5/x86_64/gnupg-1.4.9-5.1mdvmes5.2.x86_64.rpm
 e9cbaef434f1c2366c9481c4ea81fb71  mes5/x86_64/gnupg2-2.0.9-3.2mdvmes5.2.x86_64.rpm 
 8a02c74da7cd60b3367c823c58a9f4f6  mes5/SRPMS/gnupg-1.4.9-5.1mdvmes5.2.src.rpm
 14456c77033667a50acc0454f9a4b1fc  mes5/SRPMS/gnupg2-2.0.9-3.2mdvmes5.2.src.rpm

2011 x86_64

 3ec09c0d350970b4f28bfa1a27210f7a  2011/x86_64/gnupg-1.4.11-2.1-mdv2011.0.x86_64.rpm
 193a7293fb3768d76919fa23b9a2e5f9  2011/x86_64/gnupg2-2.0.18-1.1-mdv2011.0.x86_64.rpm 
 6e9756f40aba0d27a6c6253fcd6eefa8  2011/SRPMS/gnupg-1.4.11-2.1.src.rpm
 ee36fe03cc16a6f2082469646a41cd7b  2011/SRPMS/gnupg2-2.0.18-1.1.src.rpm

References