MDVSA-2013:247 -- Mandriva gnupgID: oval:org.secpod.oval:def:1300237 | Date: (C)2013-11-01 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in gnupg: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set , which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey . Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Enterprise Server 5.2 |