gnupg2-2.2.20-2.el8
エラータID: AXSA:2021-1082:01
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.
The following packages have been upgraded to a later upstream version: gnupg2 (2.2.20).
Security Fix(es):
* GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS (CVE-2019-13050)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
Update packages.
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
N/A
SRPMS
- gnupg2-2.2.20-2.el8.src.rpm
MD5: caee405b076858ac24ddbbfa64a15ff3
SHA-256: 88c919065ce44b7197ac6888cad5e7c88598f3d5e4d6c1118284e36a309986c3
Size: 6.52 MB
Asianux Server 8 for x86_64
- gnupg2-2.2.20-2.el8.x86_64.rpm
MD5: 791ba19fd1e0cbc54eba47c6c60210b3
SHA-256: bf024b5583457153916c55cc5a6efbb585d691cfecb781d81f6da8acfa018d9e
Size: 2.40 MB - gnupg2-smime-2.2.20-2.el8.x86_64.rpm
MD5: 2c25637662517f0ae02a904d405b1396
SHA-256: a2aca7635f65baa1f8843037045c9dc9504b731a0594ffff57b28f93c7832dae
Size: 281.95 kB