Debian Security Advisory
DLA-768-1 pgpdump -- LTS security update
- Date Reported: 30 Dec 2016
- Affected Packages: pgpdump
- Vulnerable: Yes
- Security database references:
  In the Debian bugtracking system: Bug 773747.
  In Mitre's CVE dictionary: CVE-2016-4021.
- More information:
The read_binary function in buffer.c in pgpdump, a PGP packet visualizer, allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input. This was assigned CVE-2016-4021.
Also, the read_radix64 function might read data from beyond the end of a buffer when given crafted input.
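As an added illustration of the defect class described above (written for this advisory; it is not pgpdump's own read_radix64 or read_binary, which are not reproduced here), a radix-64 decoder in which every read is bounded by the input length and every write by the output capacity, so that truncated or malformed armour is rejected with an error instead of looping or reading past the buffer. The function names and the sample strings are constructed for the example.

```c
#include <stddef.h>
#include <string.h>
/* Map one radix-64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int r64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode radix-64 text from in[0..in_len) into out (capacity out_cap). Every read is
 * bounded by in_len and every write by out_cap; a quantum cut short by end of input
 * returns -1 instead of spinning or reading on. Returns decoded length, or -1. */
long read_radix64_bounded(const unsigned char *in, size_t in_len,
                          unsigned char *out, size_t out_cap) {
    size_t i = 0, o = 0;
    for (;;) {
        int v[4], n = 0, pad = 0;
        while (n < 4) {
            while (i < in_len && (in[i] == '\n' || in[i] == '\r')) i++;  /* line wraps */
            if (i >= in_len)
                return n == 0 ? (long)o : -1;  /* clean end on a boundary, or truncated */
            unsigned char c = in[i++];
            if (c == '=') { pad++; v[n++] = 0; continue; }
            int d = r64_value(c);
            if (d < 0 || pad) return -1;  /* bad character, or data after '=' */
            v[n++] = d;
        }
        size_t want = 3 - (size_t)pad;  /* bytes this quantum yields */
        if (pad > 2 || o + want > out_cap) return -1;  /* bad padding or output full */
        unsigned q = ((unsigned)v[0] << 18) | ((unsigned)v[1] << 12) |
                     ((unsigned)v[2] << 6) | (unsigned)v[3];
        out[o++] = (unsigned char)(q >> 16);
        if (want > 1) out[o++] = (unsigned char)(q >> 8);
        if (want > 2) out[o++] = (unsigned char)q;
        if (pad) {  /* padding ends the stream; only line breaks may follow */
            while (i < in_len && (in[i] == '\n' || in[i] == '\r')) i++;
            return i == in_len ? (long)o : -1;
        }
    }
}
/* Check helper: decode a NUL-terminated armour string; 1 = matches expected, 0 = differs, -1 = rejected. */
int r64_decode_equals(const char *armour, const char *expected, size_t expected_len) {
    unsigned char out[64];
    long n = read_radix64_bounded((const unsigned char *)armour, strlen(armour), out, sizeof out);
    return n < 0 ? -1 : ((size_t)n == expected_len && memcmp(out, expected, expected_len) == 0);
}
```

The truncated-input cases ("aGVsbG8" with no closing padding, or data after "=") are the ones a decoder must reject explicitly; a loop that waits for a full quantum without checking the input length is how such code ends up spinning or reading past its buffer.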
For Debian 7 (Wheezy), these problems have been fixed in version 0.27-1+deb7u1.

For Debian 8 (Jessie), these problems will be fixed in version 0.28-1+deb8u1, part of the upcoming point release.

For Debian 9 (Stretch) and Sid, these problems have been fixed in version 0.31-0.1.

We recommend that you upgrade your pgpdump packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS