Security
Security
A vulnerability in GnuPG can lead to a Denial of Service condition.
| Package | app-crypt/gnupg on all architectures |
|---|---|
| Affected versions | < 2.0.24 |
| Unaffected versions | >= 2.0.24 revision >= 1.4.17 revision >= 1.4.18 revision >= 1.4.19 revision >= 1.4.20 revision >= 1.4.21 |
The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.
GnuPG does not properly handle a specially crated compressed packet resulting in an infinite loop.
A context-dependent attacker can cause a Denial of Service.
There is no known workaround at this time.
All GnuPG 2.0 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.24"
All GnuPG 1.4 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.17"
Release date
July 16, 2014
Latest revision
July 16, 2014: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries