USN-970-1: GnuPG2 vulnerability
11 August 2010
- gnupg2 -
It was discovered that GPGSM in GnuPG2 did not correctly handle
certificates with a large number of Subject Alternate Names. If a user or
automated system were tricked into processing a specially crafted
certificate, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.