1. Ubuntu Security Notices
  2. USN-2258-1

USN-2258-1: GnuPG vulnerability

Publication date

26 June 2014

Overview

GnuPG could be made to hang if it processed a specially crafted message.

Releases

Packages

  • gnupg - GNU privacy guard - a free PGP replacement
  • gnupg2 - GNU privacy guard - a free PGP replacement

Details

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that
GnuPG incorrectly handled certain OpenPGP messages. If a user or automated
system were tricked into processing a specially-crafted message, GnuPG
could consume resources, resulting in a denial of service.

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that
GnuPG incorrectly handled certain OpenPGP messages. If a user or automated
system were tricked into processing a specially-crafted message, GnuPG
could consume resources, resulting in a denial of service.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.04 trusty gnupg –  1.4.16-1ubuntu2.1
gnupg2 –  2.0.22-3ubuntu1.1
13.10 saucy gnupg –  1.4.14-1ubuntu2.2
gnupg2 –  2.0.20-1ubuntu3.1
12.04 precise gnupg –  1.4.11-3ubuntu2.6
gnupg2 –  2.0.17-2ubuntu2.12.04.4
10.04 lucid gnupg –  1.4.10-2ubuntu1.6
gnupg2 –  2.0.14-1ubuntu1.7

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›