Package name
gnupg
Date
2013-10-10
Advisory ID
MDVSA-2013:247
Affected versions
MES5 i586, MBS1 x86_64, MES5 x86_64

Problem description

Multiple vulnerabilities have been discovered and corrected in gnupg:

GnuPG 1.4.x, 2.0.x, and 2.1.x treat a key flags subpacket with
all bits cleared (no usage permitted) as if it has all bits set
(all usage permitted), which might allow remote attackers to bypass
intended cryptographic protection mechanisms by leveraging the subkey
(CVE-2013-4351).
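
The flaw class described above, shown as an added example (not GnuPG's code and not part of the original advisory): a parser that uses 0 both for "no key flags subpacket" and for "subpacket present with all bits cleared", next to a version that keeps the two cases apart. The flag values follow RFC 4880; the function names, USAGE_NONE and the sample subpacket bodies are hypothetical, and treating an absent subpacket as "all usage" is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key flag bits, first octet of the subpacket (RFC 4880, 5.2.3.21). */
#define KF_CERTIFY 0x01
#define KF_SIGN    0x02
#define KF_ENCRYPT (0x04 | 0x08)  /* communications | storage */
#define KF_AUTH    0x20
#define KF_ALL     (KF_CERTIFY | KF_SIGN | KF_ENCRYPT | KF_AUTH)
/* Hypothetical marker: subpacket present, no usage permitted. */
#define USAGE_NONE 0x100

/* Flawed: 0 means both "subpacket absent" and "all bits cleared". */
static unsigned usage_flawed(const uint8_t *flags, size_t len)
{
    unsigned usage = (flags && len) ? (flags[0] & KF_ALL) : 0;
    if (!usage)
        usage = KF_ALL;  /* meant only for keys without the subpacket */
    return usage;
}

/* Corrected: only a missing subpacket (NULL) gets the permissive default. */
static unsigned usage_fixed(const uint8_t *flags, size_t len)
{
    unsigned usage;
    if (!flags)
        return KF_ALL;
    usage = len ? (flags[0] & KF_ALL) : 0;
    return usage ? usage : USAGE_NONE;
}

/* Capability check used by callers; USAGE_NONE matches no capability. */
static int may_use(unsigned usage, unsigned want)
{
    return (usage & want) != 0;
}

/* Constructed sample subpacket bodies. */
static const uint8_t flags_cleared[]   = { 0x00 };
static const uint8_t flags_sign_only[] = { KF_SIGN };

int main(void)
{
    printf("cleared flags, flawed: sign=%d\n",
           may_use(usage_flawed(flags_cleared, 1), KF_SIGN));
    printf("cleared flags, fixed:  sign=%d\n",
           may_use(usage_fixed(flags_cleared, 1), KF_SIGN));
    return 0;
}
```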

Specially crafted input data may be used to cause a denial of service
against GPG. GPG can be forced to recursively parse certain parts of
OpenPGP messages ad infinitum (CVE-2013-4402).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 fbd115f23ec4f6a05582ae80e49e7645  mes5/i586/gnupg-1.4.9-5.3mdvmes5.2.i586.rpm
 6acd4c8754851b6538b65b0e47b0b713  mes5/i586/gnupg2-2.0.9-3.3mdvmes5.2.i586.rpm 
 241f14f857ac10bcdb27d85dada891dd  mes5/SRPMS/gnupg-1.4.9-5.3mdvmes5.2.src.rpm
 57f10f15a3dabba96af7a0056536613b  mes5/SRPMS/gnupg2-2.0.9-3.3mdvmes5.2.src.rpm

MBS1 x86_64

 284ac6d2ad095ce979df482fa99d210a  mbs1/x86_64/gnupg-1.4.12-3.2.mbs1.x86_64.rpm
 a118676f072c0a52988f2aeec6bf86af  mbs1/x86_64/gnupg2-2.0.18-3.2.mbs1.x86_64.rpm 
 8e07611a9d7e2d7ab16d01a6a9d4090b  mbs1/SRPMS/gnupg-1.4.12-3.2.mbs1.src.rpm
 db92e694092193f98dc2fd43fe6c3912  mbs1/SRPMS/gnupg2-2.0.18-3.2.mbs1.src.rpm

MES5 x86_64

 89b1885f005f3eaf6b0f9d11fb787554  mes5/x86_64/gnupg-1.4.9-5.3mdvmes5.2.x86_64.rpm
 e8066bcd0cfcab70000adc18598854f9  mes5/x86_64/gnupg2-2.0.9-3.3mdvmes5.2.x86_64.rpm 
 241f14f857ac10bcdb27d85dada891dd  mes5/SRPMS/gnupg-1.4.9-5.3mdvmes5.2.src.rpm
 57f10f15a3dabba96af7a0056536613b  mes5/SRPMS/gnupg2-2.0.9-3.3mdvmes5.2.src.rpm
