USN-1987-1: GnuPG vulnerabilities

09 October 2013

Several security issues were fixed in GnuPG.

Releases

Packages

  • gnupg - GNU privacy guard - a free PGP replacement
  • gnupg2 - GNU privacy guard - a free PGP replacement

Details

Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage
flags as being valid for all usages. (CVE-2013-4351)

Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP
messages. If a user or automated system were tricked into processing a
specially-crafted message, GnuPG could consume resources, resulting in a
denial of service. (CVE-2013-4402)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.