Advisories ยป MGASA-2019-0108

Updated gnupg2 packages fix security vulnerability

Publication date: 14 Mar 2019
Modification date: 14 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000858

Description

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF)
vulnerability in dirmngr that can result in Attacker controlled CSRF,
Information Disclosure, DoS. This attack appear to be exploitable via
Victim must perform a WKD request, e.g. enter an email address in the
composer window of Thunderbird/Enigmail. This vulnerability appears to
have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
(CVE-2018-1000858)
                

References

SRPMS

6/core