ALAS-2015-574


Amazon Linux 1 Security Advisory: ALAS-2015-574
Advisory Release Date: 2015-07-28 11:35 Pacific
Advisory Updated Date: 2015-07-28 11:35 Pacific
Severity: Low

Issue Overview:

It was reported (https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html) that gnupg2 keyring DB code did not reject packets which don't belong into a keyring, which may lead to invalid read of sizeof (int).


Affected Packages:

gnupg2


Issue Correction:
Run yum update gnupg2 to update your system.

New Packages:
i686:
    gnupg2-debuginfo-2.0.28-1.30.amzn1.i686
    gnupg2-2.0.28-1.30.amzn1.i686
    gnupg2-smime-2.0.28-1.30.amzn1.i686

src:
    gnupg2-2.0.28-1.30.amzn1.src

x86_64:
    gnupg2-debuginfo-2.0.28-1.30.amzn1.x86_64
    gnupg2-smime-2.0.28-1.30.amzn1.x86_64
    gnupg2-2.0.28-1.30.amzn1.x86_64