Advisories ยป MGASA-2020-0425

Updated kleopatra packages fix a security vulnerability

Publication date: 15 Nov 2020
Modification date: 15 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-24972

Description

The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to
execute arbitrary code because openpgp4fpr: URLs are supported without safe
handling of command-line options. The Qt platformpluginpath command-line
option can be used to load an arbitrary library.
(CVE-2020-24972).
                

References

SRPMS

7/core