1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2601-1] gnupg, gnupg2 security update

    From Thijs Kinkhorst@1:229/2 to All on Sun Jan 6 19:10:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2601-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 06, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gnupg, gnupg2
    Vulnerability : missing input sanitation
    Problem type : local (remote)
    Debian-specific: no
    CVE ID : CVE-2012-6085
    Debian Bug : 697108 697251

    KB Sriram discovered that GnuPG, the GNU Privacy Guard did not
    sufficiently sanitise public keys on import, which could lead to
    memory and keyring corruption.

    The problem affects both version 1, in the 'gnupg' package, and
    version two, in the 'gnupg2' package.

    For the stable distribution (squeeze), this problem has been fixed in
    version 1.4.10-4+squeeze1 of gnupg and version 2.0.19-2+squeeze1 of
    gnupg2.

    For the testing distribution (wheezy) and unstable distribution (sid),
    this problem has been fixed in version 1.4.12-7 of gnupg and
    version 2.0.19-2 of gnupg2.

    We recommend that you upgrade your gnupg and/or gnupg2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQEcBAEBAgAGBQJQ6byDAAoJEFb2GnlAHawEwZUH/ilsKGkGF29k6ePNJWqRVIqe XgUvHVL6F9tj3QslHB92UnSJYSzsbmTPxEJiOE4LpPYNseQCz7ZrBZiQWcEmx1EA vswF9M0qp6ugC8Nu55kU47yWa4Q03QKs3KmbKkOkSZeZlfcxQhbgnog0omFtezzC dt5CZXgH/P0/wXWsDh/sh+tDmAVZbJO6druTxPi/lGFXz5jFTqbaiSI1oO0C7dWd 5JdLhCaxyl+vIiTaQoGCiPQjeYp4+v4TlV2yoJRk7SubXFSXZHl0GxoMxWqlnnmJ 3NgQVQz1pkJu8mBx4ctLEiVF+eMyFH1RwSmvUIXT3zz5Cp1FnOg8MJNwPe6UmJ4=
    =MyGp
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)