Univention Bugzilla – Bug 35191
gnupg2 Denial of service (3.2)
Last modified: 2016-06-22 15:05:29 CEST
+++ This bug was initially created as a clone of Bug #35190 +++

Denial of service through malformed packets (CVE-2014-4617)
CVE-2015-1606: use after free when using non-standard keyring
CVE-2015-1607: memcpy with overlapping ranges when using non-standard keyring
CVE-2015-1606 and CVE-2015-1607 have been classified as "Minor issue" in Debian.

2.0.14-2+squeeze3 imported and built with fixed buildsystem version increment

Advisory: gnupg2.yaml
OK: advisory
OK: manual functional test:

    # aptitude install pinentry-curses
    # aptitude remove pinentry-gtk2
    # gpg-agent --daemon
    → GPG_AGENT_INFO=/tmp/gpg-g8SfkX/S.gpg-agent:18728:1; export GPG_AGENT_INFO;
    # gpg --gen-key
    # cat /etc/fstab | gpg2 --detach-sign --local-user test2@univention.de > fstab.sig2
    # gpg --verify fstab.sig2 /etc/fstab
    → gpg: Korrekte Unterschrift von "Uni Test 2 <test2@univention.de>"
    # test "$(sha256sum /etc/fstab | cut -f 1 -d ' ')" = "$(cat /etc/fstab | gpg --encrypt --recipient test2@univention.de | gpg --decrypt - | sha256sum | cut -f 1 -d ' ')" && echo OK
    → OK
<http://errata.software-univention.de/ucs/3.2/436.html>