FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnupg -- possible DoS using garbled compressed data packets

Affected packages
gnupg1 < 1.4.17
gnupg < 2.0.24

Details

VuXML ID 1c840eb9-fb32-11e3-866e-b499baab0cbe
Discovery 2014-06-23
Entry 2014-06-23

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.

References

URL http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
URL http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html