The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.
A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially-crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547)
All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.