CVE-2008-1530
Published: 27 March 2008
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Notes
Author | Note |
---|---|
jdstrand | verified all ubuntu releases not affected (amd64 kvm) upcoming 1.4.9 and 2.0.9 will have fix |
Priority
Status
Package | Release | Status |
---|---|---|
gnupg Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(1.4.9)
|
dapper |
Not vulnerable
(1.4.2.2-1ubuntu2.5)
|
|
edgy |
Not vulnerable
(1.4.3-2ubuntu3.3)
|
|
feisty |
Not vulnerable
(1.4.6-1ubuntu2)
|
|
gutsy |
Not vulnerable
(1.4.6-2ubuntu4)
|
|
hardy |
Not vulnerable
(1.4.6-2ubuntu5)
|
|
gnupg2 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(2.0.9)
|
dapper |
Not vulnerable
(1.9.19-2)
|
|
edgy |
Not vulnerable
(1.9.21-0ubuntu5.3)
|
|
feisty |
Not vulnerable
(2.0.3-1ubuntu1)
|
|
gutsy |
Not vulnerable
(2.0.4-1ubuntu3)
|
|
hardy |
Not vulnerable
(2.0.7-1)
|