5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
KB Sriram discovered that GnuPG, the GNU Privacy Guard did not
sufficiently sanitise public keys on import, which could lead to
memory and keyring corruption.
The problem affects both version 1, in the gnupg package, and
version two, in the gnupg2 package.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.10-4+squeeze1 of gnupg and version 2.0.14-2+squeeze1 of
gnupg2.
For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in version 1.4.12-7 of gnupg and
version 2.0.19-2 of gnupg2.
We recommend that you upgrade your gnupg and/or gnupg2 packages.