-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2967-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso June 25, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gnupg CVE ID : CVE-2014-4617 Debian Bug : 752497 Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. For the stable distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u4. For the unstable distribution (sid), this problem has been fixed in version 1.4.16-1.2. We recommend that you upgrade your gnupg packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTqvKaAAoJEAVMuPMTQ89Ei1EP/RjbIo83jhQ0k+gbT1vTk5s9 5N//LKbRZvUDgns8dS7JYwFUo+YCmhcAtTY7iGPAwAkvREKvntpPLK+7kCjEZL6m 2KMCH4srKempLMAHxjgLcH/obNA3Y6QcgS/c7mSPoaw0BAYqOxhVWxBva0pRIx8P i6KT4n6dQ5bRnd+/qLJRuTNZNlBanBpTAXk42wD4LRxSFhMU5K7jILLcP2V/h4Bi X16KZj8rEh7LioQP2eQP3MMQjzEL1rsXM3AX4cIcTRLa79geTFNyjPJdOKlioO23 4lmTfER245GkNK3kKS8DxYKiGUa9JjKuXR37iUr/WPUUZfcOLVNTC/VufnDoXRYO 6a4ZYFI8piZfElIjpEILnAL2fUxBdXcDNIGwKM10FIypUUK9EHY8kmM8Oh1ILz7H oJd/ZfDrfECqGO7xeJ1OAR1mi/rrS4qXD4rkA6JD09GXwCty6uvzMuFI53k+ItIv lriTq3Cvwx5qmnitoOn7n/0l5GHhaMtGMu5ZkQx+cpfPPSLhCohnErvgmVLJ4qTd Gr7Dc1beFXdWAD6aH8vjBasksgym4AAK+PGWzzYjUBwFKnjyhuPzoDsua+xp+MnB UBcrWe60nJEP14Blg6QQBPJxUd93E9l0rjjFJWZY5MY55TnlCvZ07DfaXi/6C0Lc vCvw1DqrKHvf7tDZqylF =udZa -----END PGP SIGNATURE-----