|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2601-1 (gnupg, gnupg2 - missing input sanitation)|
|Summary:||KB Sriram discovered that GnuPG, the GNU Privacy Guard did not;sufficiently sanitise public keys on import, which could lead to;memory and keyring corruption.;;The problem affects both version 1, in the gnupg package, and;version two, in the gnupg2;package.|
KB Sriram discovered that GnuPG, the GNU Privacy Guard did not
sufficiently sanitise public keys on import, which could lead to
memory and keyring corruption.
The problem affects both version 1, in the gnupg package, and
version two, in the gnupg2
gnupg, gnupg2 on Debian Linux
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.10-4+squeeze1 of gnupg and version 2.0.14-2+squeeze1 of
For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in version 1.4.12-7 of gnupg and
version 2.0.19-2 of gnupg2.
We recommend that you upgrade your gnupg and/or gnupg2 packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-6085|
BugTraq ID: 57102
RedHat Security Advisories: RHSA-2013:1459
XForce ISS Database: gnupg-public-keys-code-exec(80990)
|Copyright||Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.