CVE-2014-4617

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-4617 at MITRE

Description

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

SUSE information

SUSE Bugzilla entry: 884130

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References

SUSE Linux Enterprise Desktop 11 SP3
  • gpg2 >= 2.0.9-25.33.39.1
  • gpg2-lang >= 2.0.9-25.33.39.1
Patchnames: sledsp3-gpg2

SUSE Linux Enterprise Server 11 SP3
  • gpg2 >= 2.0.9-25.33.39.1
  • gpg2-lang >= 2.0.9-25.33.39.1
Patchnames: slessp3-gpg2

SUSE Linux Enterprise Server for VMWare 11 SP3
  • gpg2 >= 2.0.9-25.33.39.1
  • gpg2-lang >= 2.0.9-25.33.39.1
Patchnames: slessp3-gpg2

SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • gpg2 >= 2.0.9-25.33.39.1
  • gpg2-lang >= 2.0.9-25.33.39.1
Builds
SAT Patch Nr: 9433

openSUSE 12.3
  • gpg2 >= 2.0.19-5.16.1
  • gpg2-debuginfo >= 2.0.19-5.16.1
  • gpg2-debugsource >= 2.0.19-5.16.1
  • gpg2-lang >= 2.0.19-5.16.1
Patchnames: openSUSE-2014-455

openSUSE 13.1
  • gpg2 >= 2.0.22-8.1
  • gpg2-debuginfo >= 2.0.22-8.1
  • gpg2-debugsource >= 2.0.22-8.1
  • gpg2-lang >= 2.0.22-8.1
Patchnames: openSUSE-2014-455

openSUSE Evergreen 11.4
  • gpg2 >= 2.0.19-22.1
  • gpg2-debuginfo >= 2.0.19-22.1
  • gpg2-debugsource >= 2.0.19-22.1
  • gpg2-lang >= 2.0.19-22.1
Patchnames: 2014-1