Description
Security update for gpg2
The gpg2 package was updated to fix the following security and non-security issues:
- CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089).
- CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090).
- bsc#955753: Fixed a regression of 'gpg --recv' due to keyserver import filter (also boo#952347).
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
References
- Link for SUSE-SU-2015:2171-2
- E-Mail link for SUSE-SU-2015:2171-2
- SUSE Security Ratings
- SUSE Bug 918089
- SUSE Bug 918090
- SUSE Bug 952347
- SUSE Bug 955753
- SUSE CVE CVE-2015-1606 page
- SUSE CVE CVE-2015-1607 page
Description
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
Affected products
References
- CVE-2015-1606
- SUSE Bug 918089
Description
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
Affected products
References
- CVE-2015-1607
- SUSE Bug 918090