GLSA-200608-08 : GnuPG: Integer overflow vulnerability
Medium Nessus Plugin ID 22166
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200608-08 (GnuPG: Integer overflow vulnerability).
Evgeny Legerov discovered a vulnerability in GnuPG: an integer overflow may occur when certain packets are handled.
By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG.
There is no known workaround at this time.
Solution
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '=app-crypt/gnupg-1.4*'