(RHSA-2010:0603) Moderate: gnupg2 security update

2010-08-04T04:00:00
ID RHSA-2010:0603
Type redhat
Reporter RedHat
Modified 2017-09-08T12:11:56

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax (CMS) encryption and signing tool, handled X.509 certificates with a large number of Subject Alternate Names. A specially-crafted X.509 certificate could, when imported, cause gpgsm to crash or, possibly, execute arbitrary code. (CVE-2010-2547)

All gnupg2 users should upgrade to this updated package, which contains a backported patch to correct this issue.