GnuPG: Denial of service

GnuPG: Denial of service A vulnerability in GnuPG can lead to a Denial of Service condition. GnuPG. 2014-07-16 2014-07-16 514718 local, remote 2.0.24 1.4.17 1.4.18 1.4.19 1.4.20 1.4.21 2.0.24

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

GnuPG does not properly handle a specially crated compressed packet resulting in an infinite loop.

A context-dependent attacker can cause a Denial of Service.

There is no known workaround at this time.

All GnuPG 2.0 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.0.24"

All GnuPG 1.4 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.17"

CVE-2014-4617 K_F K_F