CVE-2014-4617

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-4617 at MITRE

Description

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 884130

SUSE Security Advisories:

List of released packages

Product(s): SUSE CORE 9 for AMD64 and Intel EM64T
Fixed package version(s):
  • gpg >= 1.2.4-68.77
References: Builds, YOU Patch Nr: 13016

Product(s): SUSE Linux Enterprise Server 11 SP1
Fixed package version(s):
  • gpg2-debuginfo >= 2.0.9-25.33.39.1
References: Builds, SAT Patch Nr: 9432

Product(s): SLE 11 SP3 DEBUGINFO
Fixed package version(s):
  • gpg2-debuginfo >= 2.0.9-25.33.39.1
  • gpg2-debugsource >= 2.0.9-25.33.39.1
References: Builds, SAT Patch Nr: 9433

Product(s): SUSE Linux Enterprise Desktop 11 SP3; SUSE Linux Enterprise Server 11 SP3; SUSE Linux Enterprise Server 11 SP3 for VMware
Fixed package version(s):
  • gpg2 >= 2.0.9-25.33.39.1
  • gpg2-lang >= 2.0.9-25.33.39.1
References: Builds, SAT Patch Nr: 9433

© 2014 Novell