gnupg2-2.3.3-2.el9

Errata ID: AXSA:2022-4062:02

Release date: Wednesday, November 16, 2022 - 10:32
Subject: gnupg2-2.3.3-2.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gnupg2-2.3.3-2.el9.src.rpm
    MD5: b4fb650bad40a20f0b0bc1734c496a0d
    SHA-256: a13c4da5c9231b0aebc8fe3e7d1a7069acb5900bf568946230f2aa7c63ba2f5b
    Size: 7.26 MB

Asianux Server 9 for x86_64
  1. gnupg2-2.3.3-2.el9.x86_64.rpm
    MD5: 9e69838c45924dfd172c745c927e44c5
    SHA-256: b8048717e548c6fcc95de95ce4b84bc770a3495bf4672b2a484132ba04510457
    Size: 2.48 MB
  2. gnupg2-smime-2.3.3-2.el9.x86_64.rpm
    MD5: ec444265730d691686c06fd4a0e9b5b4
    SHA-256: 4fcc96ae70f8c3ddb5f6dd0303bce7a248d66015d37475ed84c521ce74bd12db
    Size: 241.79 kB