[ MDVSA-2015:154 ] gnupg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:154
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : gnupg
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated gnupg, gnupg2 and libgcrypt packages fix security
 vulnerabilities:
 
 GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial
 of service which can be caused by garbled compressed data packets
 which may put gpg into an infinite loop (CVE-2014-4617).
 
 The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL
 side-channel attack (CVE-2014-5270).
 
 GnuPG before 1.4.19 is vulnerable to a side-channel attack which can
 potentially lead to an information leak (CVE-2014-3591).
 
 GnuPG before 1.4.19 i

007 Software

[ MDVSA-2015:154 ] gnupg

Leave a Reply Cancel reply

Software and Security Information