Debian Security Advisory
DLA-54-1 gnupg -- LTS security update
- Date Reported:
- 14 Sep 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5270.
- More information:
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270).
In addition, this update hardens GnuPG's behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyids actually requested by the user.
For Debian 6
Squeeze, these issues have been fixed in gnupg version 1.4.10-4+squeeze6