Updated kleopatra packages fix a security vulnerability
Publication date: 15 Nov 2020Modification date: 15 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-24972
Description
The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to
execute arbitrary code because openpgp4fpr: URLs are supported without safe
handling of command-line options. The Qt platformpluginpath command-line
option can be used to load an arbitrary library.
(CVE-2020-24972).
References
SRPMS
7/core
- kleopatra-19.04.0-1.1.mga7