Advisories ยป MGASA-2018-0292

Updated gnupg gnupg2 packages fix a security vulnerability

Publication date: 19 Jun 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-12020

Description

Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability:

Marcus Brinkmann discovered that during decryption or verification, GnuPG did
not properly filter out terminal sequences when reporting the original
filename. An attacker could use this to specially craft a file that would
cause an application parsing GnuPG output to incorrectly interpret the status
of the cryptographic operation reported by GnuPG (CVE-2018-12020).
                

References

SRPMS

5/core

6/core