Debian Security Advisory

DLA-54-1 gnupg -- LTS security update

Date Reported:
14 Sep 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-5270.
More information:

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270).

In addition, this update hardens GnuPG's behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyids actually requested by the user.

For Debian 6 Squeeze, these issues have been fixed in gnupg version 1.4.10-4+squeeze6