CVE-2014-1921

Name of the Vulnerable Software and Affected Versions parcimonie versions prior to 0.8.1

Description The issue concerns multiple vulnerabilities in the parcimonie package of the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Specifically, when using a large keyring, parcimonie sleeps for the same amount of time between fetches, allowing attackers to correlate key fetches via unspecified vectors.

Recommendations For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the keyring or limiting the use of large keyrings to minimize the risk of exploitation.