DSA-2076-1 gnupg2 -- use-after-freeID: oval:org.secpod.oval:def:600091 | Date: (C)2011-01-28 (M)2024-02-08 |
Class: PATCH | Family: unix |
It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. For the stable distribution , this problem has been fixed in version 2.0.9-3.1+lenny1. For the unstable distribution , this problem has been fixed in version 2.0.14-2. GnuPG 1 is not affected by this problem. We recommend that you upgrade your gnupg2 packages.