Advisories ยป MGASA-2018-0254

Updated gnupg2 packages fix security vulnerability

Publication date: 24 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-9234

Description

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
certification requires an offline master Certify key, which results in
apparently valid certifications that occurred only with access to a
signing subkey. (CVE-2018-9234)
                

References

SRPMS

6/core

5/core