Advisories » MGASA-2018-0254

Updated gnupg2 packages fix security vulnerability

Publication date: 24 May 2018
Modification date: 24 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-9234

Description

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
certification requires an offline master Certify key, which results in
apparently valid certifications that occurred only with access to a
signing subkey. (CVE-2018-9234)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22940
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234

SRPMS

5/core

• gnupg2-2.0.27-1.1.mga5

6/core

• gnupg2-2.1.21-3.mga6