Packages
Details
Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage
flags as being valid for all usages. (CVE-2013-4351)
Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP
messages. If a user or automated system were tricked into processing a
specially-crafted message, GnuPG could consume resources, resulting in a
denial of service. (CVE-2013-4402)
Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage
flags as being valid for all usages. (CVE-2013-4351)
Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP
messages. If a user or automated system were tricked into processing a
specially-crafted message, GnuPG could consume resources, resulting in a
denial of service. (CVE-2013-4402)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
13.04 raring | gnupg2 – 2.0.19-2ubuntu1.1 | ||
gnupg – 1.4.12-7ubuntu1.2 | |||
12.10 quantal | gnupg2 – 2.0.17-2ubuntu3.2 | ||
gnupg – 1.4.11-3ubuntu4.3 | |||
12.04 precise | gnupg2 – 2.0.17-2ubuntu2.12.04.3 | ||
gnupg – 1.4.11-3ubuntu2.4 | |||
10.04 lucid | gnupg2 – 2.0.14-1ubuntu1.6 | ||
gnupg – 1.4.10-2ubuntu1.4 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.