[SECURITY] Fedora 13 Update: gnupg2-2.0.14-4.fc13

updates at fedoraproject.org updates at fedoraproject.org
Tue Aug 3 00:46:29 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11413
2010-07-27 01:36:29
--------------------------------------------------------------------------------

Name        : gnupg2
Product     : Fedora 13
Version     : 2.0.14
Release     : 4.fc13
URL         : http://www.gnupg.org/
Summary     : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage.  It can
be used to encrypt data and to create digital signatures.  It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME.  It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 23 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.0.14-4
- gpgsm realloc patch
* Fri Jun 18 2010 Tomas Mraz <tmraz at redhat.com> - 2.0.14-3
- initialize small amount of secmem for list of algorithms in help (#598847)
  (necessary in the FIPS mode of libgcrypt)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #618156 - GnuPG 2.0: Use-after-free by importing certificate with many sANs
        https://bugzilla.redhat.com/show_bug.cgi?id=618156
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnupg2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list