Mageia Advisory: MGASA-2019-0108 - Updated gnupg2 packages fix security vulnerability

Updated gnupg2 packages fix security vulnerability

Publication date: 14 Mar 2019
Modification date: 14 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000858

Description

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF)
vulnerability in dirmngr that can result in Attacker controlled CSRF,
Information Disclosure, DoS. This attack appear to be exploitable via
Victim must perform a WKD request, e.g. enter an email address in the
composer window of Thunderbird/Enigmail. This vulnerability appears to
have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
(CVE-2018-1000858)

References

https://bugs.mageia.org/show_bug.cgi?id=24178
https://usn.ubuntu.com/3853-1/
https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00009.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000858

SRPMS

6/core

gnupg2-2.1.21-3.2.mga6

Advisories » MGASA-2019-0108

Updated gnupg2 packages fix security vulnerability

Description

References

SRPMS

6/core