Mandriva Linux Security Advisory : gnupg (MDVSA-2013:001-1)
Medium Nessus Plugin ID 63374
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in gnupg :
Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults (or has other memory access violations) when importing the key (CVE-2012-6085).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected gnupg and / or gnupg2 packages.