Mandriva Linux Security Advisory 2013-247 October 10, 2013
News

Mandriva Linux Security Advisory 2013-247 – GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum. The updated packages have been patched to correct this issue…. Mandriva Linux Security Advisory 2013-247 – GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum. The updated packages have been patched to correct this issue.

Read more http://packetstormsecurity.com/files/123573/MDVSA-2013-247.txt