gnupg2-2.2.20-3.el8
エラータID: AXSA:2022-3833:01
Release date:
Wednesday, September 14, 2022 - 05:40
Subject:
gnupg2-2.2.20-3.el8
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.
Security Fix(es):
* gpg: Signature spoofing via status line injection (CVE-2022-34903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Solution:
Update packages.
CVEs:
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Additional Info:
N/A
Download:
SRPMS
- gnupg2-2.2.20-3.el8.src.rpm
MD5: e3ef590d95410b7812c8bb537e7f5f5b
SHA-256: b255edcc9d1f07ddfd814d06e336e23e6820012f3d38441d6d044497536ca52e
Size: 6.52 MB
Asianux Server 8 for x86_64
- gnupg2-2.2.20-3.el8.x86_64.rpm
MD5: 87bd5a4ee30944aace87da45956d6b40
SHA-256: 73e598b8aca79b9ef4f2947b0197f5ddfdebcf566381892299bfe395e0512ff1
Size: 2.40 MB - gnupg2-smime-2.2.20-3.el8.x86_64.rpm
MD5: 903d4ab6cd1640669903360178bc9c9e
SHA-256: 304d836901574967d36bb45897a8ce9ac3a16276d9c6ae38fdc0081e86424ff3
Size: 282.05 kB
日本語