QID 671115
Date Published: 2021-11-29
QID 671115: EulerOS Security Update for gnupg2 (EulerOS-SA-2019-2393)
Gnupg is gnu's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant with the proposed openpgp internet standard as described in rfc2440 and the s/mime standard as described by several rfcs.
Gnupg 2.0 is a newer version of gnupg with additional support for s/mime.
It has a different design philosophy that splits functionality up into several modules.
The s/mime and smartcard functionality is provided by the gnupg2-smime package.
Security fix(es): gnupg 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.(cve-2018-9234) the do_uncompress function in g10/compress.c in gnupg 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(cve-2014-4617)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671115
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2019-2393 | EulerOS V2.0SP2 |
developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2393 |