GnuPG allows remote attackers to cause a denial of service
Bug #214194 reported by
Marian Sigler
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gnupg (Gentoo Linux) |
Fix Released
|
Low
|
|||
| gnupg (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
>GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
I could not find any information on this bug on launchpad or any other ubuntu site. Has this been fixed? A fix has been released [1] two weeks ago already.
[1] http://
CVE References
| Changed in gnupg: | |
| status: | New → Confirmed |
Revision history for this message
| Michael Bienia (geser) wrote | #1 |
| Changed in gnupg: | |
| status: | Confirmed → Invalid |
Revision history for this message
| Emanuele Gentili (emgent) wrote | #2 |
Revision history for this message
| Emanuele Gentili (emgent) wrote | #3 |
| Changed in gnupg: | |
| status: | Unknown → Fix Released |
| Changed in gnupg (Gentoo Linux): | |
| importance: | Unknown → Low |
To post a comment you must log in.
Citing http://
"[...]The only versions of GnuPG that have the bug are 1.4.8 and 2.0.8. No other versions."
As neither gnupg 1.4.8 nor gnupg 2.0.8 is included in Ubuntu (not even hardy) no Ubuntu version is affected by this problem.