USN-2258-1: GnuPG vulnerability

26 June 2014

GnuPG could be made to hang if it processed a specially crafted message.

Releases

Packages

  • gnupg - GNU privacy guard - a free PGP replacement
  • gnupg2 - GNU privacy guard - a free PGP replacement

Details

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that
GnuPG incorrectly handled certain OpenPGP messages. If a user or automated
system were tricked into processing a specially-crafted message, GnuPG
could consume resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References