Oval Definition:oval:com.redhat.rhsa:def:20131459
Revision Date:2013-10-24Version:635
Title:RHSA-2013:1459: gnupg2 security update (Moderate)
Description:The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

  • A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. (CVE-2013-4402)

  • It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. (CVE-2012-6085)

  • It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. (CVE-2013-4351)

    Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402 issue. Upstream acknowledges Taylor R Campbell as the original reporter.

    All gnupg2 users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2012-6085
    CVE-2012-6085
    CVE-2013-4351
    CVE-2013-4351
    CVE-2013-4402
    CVE-2013-4402
    RHSA-2013:1459
    RHSA-2013:1459-00
    RHSA-2013:1459-01
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • gnupg2 is earlier than 0:2.0.14-6.el6_4
  • AND gnupg2 is signed with Red Hat redhatrelease2 key
  • gnupg2-smime is earlier than 0:2.0.14-6.el6_4
  • AND gnupg2-smime is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND gnupg2 is earlier than 0:2.0.10-6.el5_10
  • AND gnupg2 is signed with Red Hat redhatrelease2 key
  • BACK