Amazon Linux 2 Security Advisory: ALAS-2019-1203
Advisory Release Date: 2019-05-02 18:47 Pacific
Advisory Updated Date: 2019-05-03 00:13 Pacific
Severity:
Medium
References:
CVE-2014-4617
Issue Overview:
The do_uncompress function in g10/compress.c allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(CVE-2014-4617)
Affected Packages:
gnupg2
Issue Correction:
Run yum update gnupg2 to update your system.
New Packages:
aarch64:
gnupg2-2.0.22-5.amzn2.0.3.aarch64
gnupg2-smime-2.0.22-5.amzn2.0.3.aarch64
gnupg2-debuginfo-2.0.22-5.amzn2.0.3.aarch64
i686:
gnupg2-2.0.22-5.amzn2.0.3.i686
gnupg2-smime-2.0.22-5.amzn2.0.3.i686
gnupg2-debuginfo-2.0.22-5.amzn2.0.3.i686
src:
gnupg2-2.0.22-5.amzn2.0.3.src
x86_64:
gnupg2-2.0.22-5.amzn2.0.3.x86_64
gnupg2-smime-2.0.22-5.amzn2.0.3.x86_64
gnupg2-debuginfo-2.0.22-5.amzn2.0.3.x86_64