Security update for GnuPG SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2153-1 Final 1 1 2015-11-30T09:42:41Z current 2015-11-30T09:42:41Z 2015-11-30T09:42:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GnuPG GnuPG was updated to fix two memory handling issues with potential security impact: * CVE-2015-1606: Invalid memory read using a garbled keyring (bsc#918089) * CVE-2015-1607: memcpy with overlapping ranges (bsc#918090) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00171.html E-Mail link for openSUSE-SU-2015:2153-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings gpg2-2.0.22-12.1 gpg2-lang-2.0.22-12.1 The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. CVE-2015-1606 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00171.html https://www.suse.com/security/cve/CVE-2015-1606.html CVE-2015-1606 https://bugzilla.suse.com/918089 SUSE Bug 918089 kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." CVE-2015-1607 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00171.html https://www.suse.com/security/cve/CVE-2015-1607.html CVE-2015-1607 https://bugzilla.suse.com/918090 SUSE Bug 918090