[v3.0] gnupg: infinite loop in g10/compress.c (CVE-2014-4617)
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
•MLIST:[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released
•URL: http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
•MLIST:[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released
•URL: http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
•CONFIRM: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
•CONFIRM: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
(from redmine: issue id 3096, created on 2014-06-26, closed on 2014-07-24)
- Relations:
- parent #3092 (closed)
- Changesets:
- Revision 4eb7a43f by Natanael Copa on 2014-07-22T09:19:47Z:
main/gnupg1: security upgrade to 1.4.17 (CVE-2014-4617)
fixes #3096