The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "gnupg": "1.4.16-1ubuntu2.3", "gpgv": "1.4.16-1ubuntu2.3", "gnupg-curl": "1.4.16-1ubuntu2.3", "gnupg-udeb": "1.4.16-1ubuntu2.3", "gpgv-udeb": "1.4.16-1ubuntu2.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "gpgsm": "2.0.22-3ubuntu1.3", "scdaemon": "2.0.22-3ubuntu1.3", "gnupg-agent": "2.0.22-3ubuntu1.3", "gnupg2": "2.0.22-3ubuntu1.3", "gpgv2": "2.0.22-3ubuntu1.3" } ] }