Multiple vulnerabilities has been discovered and corrected in gnupg: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set , which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey . Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum . The updated packages have been patched to correct this issue.