SUSE-SU-2015:2170-1

Published: 02 Dec 2015
Source: suse-cvrf

Description

Security update for gpg2

This update for gpg2 fixes the following issues:

  • Fix CVE-2015-1606 (bsc#918089)
    • Invalid memory read using a garbled keyring
    • 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch
  • Fix CVE-2015-1607 (bsc#918090)
    • Memcpy with overlapping ranges
    • 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch

Package list

SUSE Linux Enterprise Desktop 11 SP3
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP4
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Server 11 SP3
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Server 11 SP4
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gpg2-2.0.9-25.33.41.2
gpg2-lang-2.0.9-25.33.41.2

Description

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP3:gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP4:gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP4:gpg2-lang-2.0.9-25.33.41.2

References

Description

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."


Affected products
SUSE Linux Enterprise Desktop 11 SP3:gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP3:gpg2-lang-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP4:gpg2-2.0.9-25.33.41.2
SUSE Linux Enterprise Desktop 11 SP4:gpg2-lang-2.0.9-25.33.41.2

References
Vulnerability SUSE-SU-2015:2170-1