USN-1987-1: GnuPG vulnerabilities
9 October 2013
Several security issues were fixed in GnuPG.
- gnupg - GNU privacy guard - a free PGP replacement
- gnupg2 - GNU privacy guard - a free PGP replacement
Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage
flags as being valid for all usages. (CVE-2013-4351)
Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP
messages. If a user or automated system were tricked into processing a
specially-crafted message, GnuPG could consume resources, resulting in a
denial of service. (CVE-2013-4402)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.