oss-sec mailing list archives
Re: CVE request: GnuPG-1
From: cve-assign () mitre org
Date: Tue, 24 Jun 2014 10:25:42 -0400 (EDT)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.
A packet like (a3 01 5b ff) leads to an infinite loop.
Use CVE-2014-4617 for this issue affecting both GnuPG 1.x before 1.4.17 and 2.x before 2.0.24.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
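The four bytes quoted in the message decode under RFC 4880 as follows: 0xa3 is an old-format header for tag 8 (compressed data) with indeterminate length, 01 selects ZIP, and 5b ff is the DEFLATE body. The added example below is not part of the thread or of GnuPG's code and does not reproduce the GnuPG fix; it parses that header and inflates the body with a single bounded call, so that exhausted input is reported instead of retried. The names `inspect_compressed_packet`, `build_sample_packet` and the `MAX_OUTPUT` cap are assumptions of this example.

```python
import zlib
from dataclasses import dataclass

TAG_COMPRESSED = 8      # RFC 4880 sec. 4.3: Compressed Data Packet
ALGO_ZIP = 1            # RFC 4880 sec. 9.3: raw DEFLATE (RFC 1951)
MAX_OUTPUT = 1 << 20    # assumed output cap for this example

@dataclass
class Inspection:
    tag: int
    length_type: int
    algo: int
    complete: bool      # True only if the DEFLATE end-of-stream marker was seen
    status: str
    output: bytes

def inspect_compressed_packet(packet: bytes) -> Inspection:
    """Parse an old-format, indeterminate-length compressed packet and inflate it once."""
    if len(packet) < 2 or not packet[0] & 0x80 or packet[0] & 0x40:
        raise ValueError("not an old-format OpenPGP packet header")
    tag, length_type, algo = (packet[0] >> 2) & 0x0F, packet[0] & 0x03, packet[1]
    if tag != TAG_COMPRESSED or length_type != 3 or algo != ALGO_ZIP:
        raise ValueError("example covers only tag 8, indeterminate length, ZIP")
    inflater = zlib.decompressobj(-15)          # negative wbits = raw DEFLATE
    output, status = b"", "ok"
    try:
        # Single bounded call: all available input is offered exactly once,
        # so there is no "retry until done" loop that garbage could keep alive.
        output = inflater.decompress(packet[2:], MAX_OUTPUT)
    except zlib.error:
        status = "corrupt"
    else:
        if inflater.unconsumed_tail:
            status = "output-cap"               # stopped by MAX_OUTPUT
        elif not inflater.eof:
            status = "truncated"                # input ran out before end of stream
    return Inspection(tag, length_type, algo, status == "ok", status, output)

def build_sample_packet(data: bytes) -> bytes:
    """Constructed well-formed counterpart: 0xa3, algorithm 1, raw DEFLATE body."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return bytes([0xA3, ALGO_ZIP]) + deflater.compress(data) + deflater.flush()

if __name__ == "__main__":
    for label, pkt in (("from the advisory", bytes.fromhex("a3015bff")),
                       ("constructed, valid", build_sample_packet(b"hello"))):
        print(label, inspect_compressed_packet(pkt))
```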