| Description: | This GnuPG LTSS roll-up update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keysas all-usages-permitted. * CVE-2013-4402: An infinite recursion in thecompressed packet parser was fixed. * CVE-2013-4242: GnuPG allowed local users to obtainprivate RSA keys via a cache side-channel attack involvingthe L3 cache, aka Flush+Reload. * CVE-2012-6085: The read_block function ing10/import.c in GnuPG 1.4.x, when importing a key, allowedremote attackers to corrupt the public keyring database orcause a denial of service (application crash) via a craftedlength field of an OpenPGP packet. |