USN-5431-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5431-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5431-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5431-1
Related
  • CVE-2019-13050
Published
2022-05-30T08:24:09.471076Z
Modified
2022-05-30T08:24:09.471076Z
Summary
gnupg2 vulnerability
Details

It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service.

References

Affected packages

Ubuntu:18.04:LTS / gnupg2

Package

Name
gnupg2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-1ubuntu1.5

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "dirmngr": "2.2.4-1ubuntu1.5",
            "gpg": "2.2.4-1ubuntu1.5",
            "gpg-agent": "2.2.4-1ubuntu1.5",
            "gpgsm": "2.2.4-1ubuntu1.5",
            "gnupg": "2.2.4-1ubuntu1.5",
            "gnupg2": "2.2.4-1ubuntu1.5",
            "gpgconf": "2.2.4-1ubuntu1.5",
            "scdaemon": "2.2.4-1ubuntu1.5",
            "gnupg-utils": "2.2.4-1ubuntu1.5",
            "gnupg-agent": "2.2.4-1ubuntu1.5",
            "gpgv-static": "2.2.4-1ubuntu1.5",
            "gpgv": "2.2.4-1ubuntu1.5",
            "gpg-wks-client": "2.2.4-1ubuntu1.5",
            "gpgv-win32": "2.2.4-1ubuntu1.5",
            "gpg-wks-server": "2.2.4-1ubuntu1.5",
            "gnupg-l10n": "2.2.4-1ubuntu1.5",
            "gpgv2": "2.2.4-1ubuntu1.5"
        }
    ]
}