Revision Date: | 2014-09-08 | Version: | 3 |
Title: | SUSE-SU-2014:0750-1 -- Security update for gpg2 |
Description: | This is a SLES 11 SP1 LTSS rollup update for gpg2.
The following security issues have been fixed:
* CVE-2013-4402: The compressed packet parser in GnuPG allowed remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
* CVE-2013-4351: GnuPG treated a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might have allowed remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
* CVE-2012-6085: The read_block function in g10/import.c in GnuPG, when importing a key, allowed remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
Also the following non-security bugs have been fixed:
* set the umask before opening a file for writing (bnc#780943)
* select proper ciphers when running in FIPS mode (bnc#808958)
* add missing options to opts table (bnc#778723) |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2012-6085 CVE-2013-4351 CVE-2013-4402 SUSE-SU-2014:0750-1
|
Platform(s): | SUSE Linux Enterprise Server 11
| Product(s): | gpg2
|
Definition Synopsis |
SUSE Linux Enterprise Server 11.x is installed AND Packages match section
gpg2 RPM is earlier than 0:2.0.9-25.33.37.6
OR gpg2-lang RPM is earlier than 0:2.0.9-25.33.37.6
|